CMS Steps Up Nursing Home Inspections & Tightens Inspections In Response To Continuing COVID-19 Outbreaks & Deaths

April 3, 2020

Skilled nursing and other long term care facilities commonly known as “nursing homes”  (“LTC facilities”),[i] rehabilitation, assisted living, retirement and other facilities and communities caring for elderly, disabled, aged or other infirm patients or residents should use recently released tools to confirm the adequacy of and update their current COVID-19 and other infectious disease prevention and control and other key policies and practices with the latest Centers for Medicare & Medicaid Services (CMS) and Centers for Disease Control and Prevention (CDC) requirements and guidelines in light of recently announced changes to CMS nursing home inspection policies (the “Targeted Inspection Policy”)[iii] that target nursing homes with COVID-19 outbreaks or death for likely inspection announced March 23, 2020 including all existing requirements including new “recommendations” on nursing homes on COVID-19 preparedness and response announced April 2, 2020 (the “April Recommendations”).[iii]

Prompted by the continuing explosive growth in COVID-19 infection and deaths among nursing home residents and widespread deficiencies found during recent inspections at the Kirkland, Washington Life Care Center nursing homes (the “Kirkland Facilities”) made notorious by the death of 23 people and other nursing homes with COVID-19 inspections, the Targeted Inspection Policy and April Recommendations supplement and give more teeth to the CMS Guidance for Infection Control and Prevention of Coronavirus Disease 2019 (COVID-19) in Nursing Homes (the “3/3 Directive”)[iv] previously released by CMS released in conjunction with President Trump’s Proclamation on Declaring a National Emergency Concerning the Novel Coronavirus Disease (COVID-19) Outbreak (“COVID Emergency Declaration”) in response to concerns raised by reports of 19 COVID-19 related deaths at the Kirkland Facilities[v] on March 13, 2020.

Despite CMS and CDC’s efforts to reign in nursing home based COVID-19 infections and deaths by ordering nursing homes in the Nursing Home Directive to limit outside visitors and take other precautions outlined in the Nursing Home Directive and release of other guidance and tools,  nursing home based COVID-19 infections and deaths have continued to soar since March 13, 2020.[vi]  Meanwhile, onsite audits at the Kirkland Facilities and other facilities during March uncovered concerning deficiencies in the compliance at the Kirkland Facilities and many other nursing homes across the nation, as well as the need to address other weaknesses in current CMS and CDC practices and guidelines that the agencies determined were perpetuating practices that left nursing home residents exposed to COVID-19.

The new Targeted Inspection Policy and April Recommendations attempt to address these compliance and other concerns by updating, clarifying and supplementing previously established requirements and guidance, providing new tools for nursing homes and their inspectors to use to assess nursing home compliance with the latest standards and stepping up inspections and enforcement of nursing homes that experience COVID-19 outbreaks.[vii]

April Recommendations Send Warnings, Share New Tools

To this end, the just announced April Recommendations urge nursing homes to move quickly to clean up their practices by:

  • Urging nursing homes to immediately ensure that they are complying with all CMS and CDC guidance related to COVID-19 and other infection control and other requirements;
  • Urging nursing homes immediately to implement symptom screening for all staff, residents, and visitors – including temperature checks; [viii]
  • Urging nursing homes to ensure all staff are using appropriate PPE when interacting with patients and residents, to the extent PPE is available and per CDC guidance on conservation of PPE;
  • Confirming the availability of Medicare coverage of Medicare enrolled residents performed by laboratories and that facilities can allow laboratory personnel into facilities to perform the tests;
  • Urging State and local leaders to consider the needs of long term care facilities with respect to supplies of PPE and COVID-19 tests as nursing homes are a critical part of the healthcare system, and because of the ease of spread in long term care facilities and the severity of illness that occurs in residents with COVID-19,
  • Recommending facilities use separate staffing teams for residents to the best of their ability to avoid transmission within nursing homes in response to evidence that using staff shared between multiple facilities helped to fuel the COVID-19 outbreak in the Kirkland Facilities;
  • Consistent previously published guidance and resources on the CDC Isolation Sites and Alternative Care Sites webpage,[ix] urging nursing homes to work with State and local leaders to designate separate facilities or units within a facility to separate COVID-19 negative residents from COVID-19 positive residents and individuals with unknown COVID-19 status; and
  • Encouraging  facilities to use new targeted survey assessment tools adopted by CMS to guide inspections under the Targeted Inspection Program to self-assess and make appropriate adjustments to tighten their facility compliance with applicable requirements and guidelines promptly.

While characterized as “recommendations,” the reaffirmation in the April Recommendations that CMS intends to continue to follow the new Targeted Inspection Policy announced March 23, 2020 sends a strong message to all nursing homes that CMS does not view compliance with the recommendations as optional.

Under the Targeted Inspection Policy, CMS intends to conduct targeted inspections giving prioritization for Immediate Jeopardy investigations over recertification surveys for Clinical Laboratory Improvement Amendment (CLIA) laboratories.

According to CMS’ announcement regarding the Targeted Inspection Policy, only the following types of federal inspections will be prioritized and conducted over the next few weeks:

  • Complaint inspections: State survey agencies will continue to conduct inspections related to complaints and facility-reported incidents that are triaged at the Immediate Jeopardy level. Inspectors will use a streamlined Infection Control review tool, regardless of the Immediate Jeopardy allegation.
  • Targeted Infection Control inspectionsFederal and state inspectors will conduct targeted infection control inspections of providers identified through CMS collaboration with the Centers for Disease Control and Prevention (CDC). These inspectors will use a streamlined targeted review checklist to minimize the impact on provider activities, while ensuring providers are implementing actions to protect health and safety.  This will consist of both onsite and offsite inspections.
  • Self-AssessmentsThe Infection Control checklist referenced above will also be shared with providers and suppliers, to allow for self-assessment of their Infection Control plans.  This may be the best solution in some cases when there is a lack of personal protective equipment or state surveyors available.

During this time frame, CMS has indicated it will not conduct the following inspections:

  • Standard inspections for nursing homes, hospitals, home health agencies, intermediate care facilities for individuals with intellectual disabilities, and hospices; and
  • Revisit inspections not associated with Immediate Jeopardy.

In addition to redefining the priorities and scope for conducting inspections in the new Targeted Inspection Policy, CMS also refocused the inspection process that surveyors are expected to use when conducting inspections under the Targeted Inspection Policy which includes existing components of CMS’s infection control inspection process updated to include the latest CDC and CMS guidance. Under the Targeted Inspection Policy CMS and state inspectors will be guided by a newly developed and updated targeted assessment tool in assessing if certain facilities are prepared to meet CMS’s expectations for preventing the spread of COVID-19.  When gaps are identified, CMS warns that facilities will be required to take corrective actions to close the gaps.

Facilities are well advised to follow the recommendation of CMS to use the new surveyor tools to self-assess their own ability to prevent the spread of COVID-19 in accordance with applicable CMS requirements both to mitigate potential exposures to CMS sanctions and because CMS also is encouraging residents and families to be proactive about nursing home safety by among other things asking facility staff how the facility performed on its self-assessment.  Facilities and their leaders at all times should keep in mind the significant risks that they are likely to incur if significant deficiencies are found from an inspection.  While the March 23, 2020 announcement of the Targeted Inspection Policy states that CMS is not seeking to be punitive, but rather to respond to urgent issues while proactively ensuring providers are compliant with federal health and safety standards.  Accordingly, CMS has indicated that CMS intends to exercise enforcement discretion, unless Immediate Jeopardy situations arise.  Given the conclusions announced regarding Immediate Jeopardy findings found from the inspection at the Kirkland Facility, however, nursing homes are well advised to assume that the occurrence of COVID-19 related deaths or infections at their facilities might create a significant risk of Immediate Jeopardy findings with regard to their facilities which could result in significant sanctions.

CMS and other agencies continue to tailor their response to the COVID-19 outbreak.  In addition to verifying and maintaining their compliance with current COVID-19 and other CMS, CDC and state and local requirements and guidelines, nursing homes and their leaders also should continue to monitor emerging developments and guidance from CMS, CDC, the Federal Emergency Management Agency (“FEMA”) and their state and local regulatory bodies.

[i]  Nursing homes (also known as “skilled nursing facilities” under the Medicare program and “nursing facilities” under Medicaid; or “long-term care facilities”).

[ii]  Press release Trump Administration Issues Key Recommendations to Nursing Homes, State and Local Governments, CMS (2020), https://www.cms.gov/newsroom/press-releases/trump-administration-issues-key-recommendations-nursing-homes-state-and-local-governments (last visited Apr 2, 2020).

[iii] Fact sheet Kirkland, Washington Update and Survey Prioritization Fact Sheet, CMS (2020), https://www.cms.gov/newsroom/fact-sheets/kirkland-washington-update-and-survey-prioritization-fact-sheet (last visited Mar 31, 2020).

[iv]  Guidance For Infection Control and Prevention of Coronavirus Disease 2019 (COVID-19) in Nursing Homes, DEPARTMENT OF HEALTH & HUMAN SERVICES (2020), https://www.cms.gov/files/document/3-13-2020-nursing-home-guidance-covid-19.pdf (last visited Mar 30, 2020).

[iv]  Nursing home with the biggest cluster of covid-19 deaths to date in the U.S. thought it was facing an influenza outbreak, a spokesman says, https://www.msn.com/en-us/news/us/nursing-home-with-the-biggest-cluster-of-covid-19-deaths-to-date-in-the-us-thought-it-was-facing-an-influenza-outbreak-a-spokesman-says/ar-BB11fvgj (last visited Mar 30, 2020).

 [vi]  See e.g., Guidance for Infection Control and Prevention of Coronavirus Disease 2019 (COVID-19) in Nursing Homes (REVISED), CMS (2020), https://www.cms.gov/files/document/qso-20-14-nh-revised.pdf (last visited Apr 2, 2020).

[vii]  In the initial wave of surveys during the week of March 30, CMS reports finding 36 percent of facilities inspected in recent days did not follow proper hand washing guidelines and 25 percent failed to demonstrate proper use of personal protective equipment (PPE) required by longstanding federal regulations.  Press release Trump Administration Issues Key Recommendations to Nursing Homes, State and Local Governments, CMS (2020), https://www.cms.gov/newsroom/press-releases/trump-administration-issues-key-recommendations-nursing-homes-state-and-local-governments (last visited Apr 3, 2020).

[viii]  Facilities that have not already done so should consult with experienced legal counsel for assistance about the advisability of providing or posting notifications and/or securing consents to these screening procedures, advisable or recommended procedures regarding the collection, use, or disclosure of screenings or their results, or other safeguards to manage relevant privacy or other legal rights or risks.

[ix]  See Alternate Care Sites and Isolation Sites (March 25, 2020) https://www.cdc.gov/coronavirus/2019-ncov/healthcare-facilities/alternative-care-sites.html. Also see Topic Collection: Alternate Care Sites (including shelter medical care) https://asprtracie.hhs.gov/technical-resources/48/alternate-care-sites-including-shelter-medical-care/47.

More Information

We hope this update is helpful. In addition to this update, the author also has prepared a more comprehensive discussion of these concerns scheduled for publication by the American Bar Association Health Publication in April, 2020.  To request access for a prepublication unofficial manuscript of that upcoming publication or of more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications. As a significant part of her work, Ms. Stamer has worked extensively on pandemic, business and other crisis planning, preparedness and response for more than 30 years.

Scribe for the ABA JCEB Annual Agency Meeting with OCR, Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer is most widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns.  Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.  As a part of this work, she has continuously and extensively worked with domestic and international health plans, their sponsors, fiduciaries, administrators, and insurers; managed care and insurance organizations; hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EHR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.

This  involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve  sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EHR, HIPAA and other technology,  data security and breach and other health IT and data; STARK, ant kickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care;  internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement;  and other strategic and operational concerns.

Author of “Privacy and the Pandemic Workshop” for the Association of State and Territorial Health Plans, as well as a multitude of other health industry matters, workforce and health care change and crisis management and other highly regarded publications and presentations, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here. ©2020 Cynthia Marcotte Stamer.  Limited non-exclusive license to republish granted to Solutions Law Press, Inc.™ All other rights reserved.


COVID-19 Telehealth Relief; CMS ESRD, General Practitioner Telehealth Toolkits Released

March 24, 2020

The U.S Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced Health Insurance Portability & Accountability Act Privacy Rule 2019 Novel Coronavirus (COVID-19) emergency enforcement relief for certain covered health care providers and their business associates participating in the operation of mobile, drive-through, or walk-up COVID-19 specimen collection and testing sites that only provide COVID-19 specimen collection or testing services to the public (Community-Based Testing Sites, or CBTS).  The Notification of Enforcement Discretion ON CBTS During The COVID-19 Nationwide Public Health Emergency (“Notice”) expands upon the series of HIPAA enforcement relief and other flexibility OCR has granted to health care providers and other HIPAA-covered entities and business associates when dealing with the COVID-19 National Health Emergency declared by President Trump on March 13, 2020.

While welcome relief for those health care providers and business associates that qualify for this relief, it is critical that all health care providers, health plans, health care clearinghouses and their business associates do not overlook the importance of ensuring their HIPAA obligations are fulfilled amid the frenzy of coping with the ongoing COVID-19 crisis.  Like OCR’s previously announced March 30, 2020 Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency (“Telehealth Relief”) and the COVID-19 related flexibilities granted by OCR in its February 2020 Office for Civil Rights, U.S. Department of Health and Human Services BULLETIN: HIPAA Privacy and Novel Coronavirus (“OCR COVID-19 HIPAA Bulletin”), the CBTS Notice provides valuable flexibility and relief for HIPAA covered entities and business associates that qualify for the granted relief.  While welcoming this relief, all covered entities and business associates need to keep in mind that the shifting of care locations, systems, affiliations and other arrangements to deal with the COVID-19 national health emergency generally are accompanied by changes in the collection, use, access, disclosure, storage and transmission of protected health information generally and electronic protected health information and its associated devices and systems.  Except to the extent protected by COVID-19 or other specific disaster relief from OCR, covered entities and business associates need to use care to conduct appropriately documented risk assessments and take other necessary steps to maintain HIPAA compliance in these operations and systems throughout the emergency.  See also COVID-19 Telehealth Relief; CMS ESRD, General Practitioner Telehealth Toolkits Released;  OCR Grants HIPAA Telemedicine Relief During COVID-19 Crisis.

April 9 HIPAA Enforcement Relief For Certain COVID-19 Testing Related Activities

According to Director Roger Severino, the limited enforcement relief  in the Notice is intended  “to encourage the growth of mobile testing sites so more people can get tested quickly and safely.”  Under the April 9, 2020 Notice, OCR will not impose penalties for violations of HIPAA regulatory requirements committed by covered entities or business associates in connection with their good faith participation in the operation of COVID-19 testing sites during the COVID-19 nationwide public health emergency.  The enforcement relief provided by the s retroactive to violations committed on or after March 13, 2020 even though just announced on April 9.

The enforcement relief applies to all HIPAA covered health care providers and their business associates when such entities are, in good faith, participating in the operation of a CBTS.   According to the Notice, operation of a CBTS includes all activities that support the collection of specimens from individuals for COVID-19 testing.  Covered entities and business associates intending to rely upon the enforcement relief need to understand its limited scope. The relief only applies to health care providers or their business associates when participating in CBTS related activities. It does not apply to non-CBTS related activities of health care providers  or their business associates including the handling of PHI outside of the operation of a CBTS or to health plans, health care clearinghouses, or their business associates performing health plan and clearinghouse functions. To the extent that an entity performs both plan and provider functions, the Notice says the relief only applies to the entity in its role as a covered health care provider and only to the extent that it participates in a CBTS.  Covered entities and business associates not covered by the CBTS relief provided by the Notice generally remain subject to all otherwise applicable HIPAA requirements except as otherwise provided in the Telehealth Relief or other COVID-19 related flexibilities granted by OCR in the OCR COVID-19 HIPAA Bulletin or other previously issued HIPAA guidance for dealing with public emergencies,

While committing that OCR will not take HIPAA enforcement action against covered entities or business associates for violating HIPAA’s regulatory requirements during the COVID-19 emergency, the Notice nevertheless encourages covered entities and business associates participating in the good faith operation of a CBTS to implement reasonable safeguards to protect the privacy and security of individuals’ PHI including:

  • Using and disclosing only the minimum PHI necessary except when disclosing PHI for treatment.
  • Setting up canopies or similar opaque barriers at a CBTS to provide some privacy to individuals during the collection of samples.
  • Controlling foot and car traffic to create adequate distancing at the point of service to minimize the ability of persons to see or overhear screening interactions at a CBTS. (A six foot distance would serve this purpose as well as supporting recommended social distancing measures to minimize the risk of spreading COVID-19.)
  • Establishing a “buffer zone” to prevent members of the media or public from observing or filming individuals who approach a CBTS, and posting signs prohibiting filming.
  • Using secure technology at a CBTS to record and transmit electronic PHI.
  • Posting a Notice of Privacy Practices (NPP), or information about how to find the NPP online, if applicable, in a place that is readily viewable by individuals who approach a CBTS.

While OCR says the Notice’s enforcement relief for CBTS related activity is not conditional upon adherence to these recommendations, CBTS involved covered entities and business associations should keep in mind that the OCR relief does not necessarily affect their otherwise applicable requirements, if any, to comply to these and other health or medical privacy, data security, confidentiality or other similar requirements applicable under otherwise applicable state statutory or common laws, regulations, accreditation or credentialing, contractual or other legally relevant requirements or standards.

Today, the Department of Health and Human Services (HHS) Centers for Medicare & Medicaid Services (CMS) released two comprehensive toolkits on telehealth:

  • The Telehealth Toolkit for General Practitioners available here;
  • The End-Stage Renal Disease Providers Toolkit available here.

The Toolkits’ release follows up on last week’s Centers for Medicare & Medicare Services (“CMS”) loosening of requirements for Medicare coverage of telehealth services and privacy and data security requirements so that beneficiaries can receive a wider range of services from their doctors without having to travel to a healthcare facility on a temporary and emergency basis under the 1135 waiver authority and Coronavirus Preparedness and Response Supplemental Appropriations Act.

COVID-19 Emergency TeleHealth Waivers & Rules

Under this temporary new waiver, Medicare can pay for office, hospital, and other visits furnished via telehealth across the country and including in patient’s places of residence starting March 6, 2020.  The waiver applies to a range of providers, such as doctors, nurse practitioners, clinical psychologists, and licensed clinical social workers, will be able to offer telehealth to their patients.

  • New TeleHealth Toolkits

Each of the telehealth toolkits released today contains electronic links to reliable sources of information on telehealth and telemedicine, which will reduce the amount of time providers spend searching for answers and increase their time with patients. HHS intends these links to help providers choose learn about the general concept of telehealth, choose telemedicine vendors, initiate a telemedicine program, monitor patients remotely, and develop documentation tools. Additionally, the information contained within each toolkit also outlines temporary virtual services that could be used to treat patients during this specific period of time.

  • COVID-19 Temporary Limited Scope HIPAA Privacy Telehealth Relief

The HHS COVID-19 emergency teleheath waivers follow up on the HHS Office for Civil Rights (OCR) March 20, 2020 Notification of Enforcement Discretion on Telehealth Remote Communications (the “Notice”) announcing temporary, limited scope enforcement relief from some, but not all of the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security and Breach Notification Rules for health care providers using “non-public facing” communication technologies to provide telemedicine services during the COVID-19 health care emergency

Intended to allow health care providers greater latitude under HIPAA to  communicate with patients and provide telehealth services through remote communications technologies during the COVID-19 national emergency, the Notice allows covered health care providers wishing to use audio or video communication technology to provide telehealth to patients during the COVID-19 nationwide public health emergency the option to  any availabe “non-public facing” remote communication product to communicate with patients if the platform by verifying the platform is HIPAA compliant and securing the necessary business associate agreement (“BAA”) with the communication provider.

Specifically the Notice announces OCR is exercising its enforcement discretion  not to impose penalties for noncompliance with the HIPAA Rules in connection with the good faith provision of telehealth using non-public facing audio or video communication products during the COVID-19 nationwide public health emergency in accordance with the requirements set forth in the Notice.  The non-enforcement policy applies to telehealth provided for any reason, regardless of whether the telehealth service is related to the diagnosis and treatment of health conditions related to COVID-19.   During the COVID-19 emergency, this relief for non-public facing remote communications allows a health care providers  the flexibility when it determines appropriate in his or her professional judgement to request to examine a patient using a video chat application connecting the provider’s or patient’s phone or desktop computer in order to assess a greater number of patients while limiting the risk of infection of other persons who would be exposed from an in-person consultation.

The relief does not apply to “public facing” remote communications however,  Facebook Live, Twitch, TikTok, and similar video communication applications are considered “public facing.”  The OCR bulletin states health care providers should not use any of these or other public facing remote communications to provide telehealth services under the Bulletin.

The Notice also alerts health care providers providing telemedicine services under the Notice need to ensure they have in place appropriate business associate agreements {“BAAs”) with each technology vendors used to conduct these communications and that the vendor is otherwise HIPAA compliant.  The Notice lists the following as some vendors that have represented to OCR that they provide HIPAA-compliant video communication products and that they will enter into a HIPAA BAA include:

  • Skype for Business
  • Updox
  • VSee
  • Zoom for Healthcare
  • me
  • Google G Suite Hangouts Meet

Providers should note that the Notice also states that OCR does not endorse, recommend or certify any of these vendors or the adequacy of their BAAs.  Consequently, providers intending to use any of thes platforms should conduct their own documented due diligence to confirm that the necessary HIPAA requirements are met.    Providers also should keep in mind that the OCR Notice does not modify any otherwise applicable federal or state law, contractual or ethical requirements that may apply to their use of these telemedicine platforms.  As many provider’s HIPAA notices may have included statements inconsistent with the use of these technologies, the provider should consider providing notification of the change of its practices that includes disclosures about potentially lower privacy protections.  Because the relief is limited in scope and duration, providers relying on the relief also will need to closely monitor developments and adjust practices as necessary when the emergency waivers expire or are modified.

Covered Entities & Business Associates Should Conduct Documented Risk Assessment To Verify Compliance Taking Into Account COVID-19 Operational Changes & Relief

Health care providers, health plans, health care clearinghouses and their business associates hoping to rely upon the relief in the CBTS Notice, the Telehealth Relief,  the OCR COVID-19 HIPAA Bulletin or other previously issued HIPAA guidance for dealing with public emergencies, need to verify their qualification and compliance with that guidance.  In the meantime, all HIPAA covered entities and business associates also should be cognizant of the advisability of also conducting timely, documented risk assessments and taking other necessary steps to ensure that they can demonstrate that their ongoing operations, taking into account any COVID-19 specific changes in operations, systems, locations, business associates or other HIPAA relevant arrangements or operations, comply with all remaining relevant requirements of HIPAA or other relevant federal or state statutory, regulatory, common law, ethical, contractual or other requirements. This is particularly important with respect to modification locations, equipment, or other COVID-19 related changes may impact or disrupt usual operations or involve the use, access, disclosure, retention or transmission of protected health information or other sensitive data outside of processes, systems or location previously subject to a risk assessment to confirm and document adequate compliance with HIPAA or other relevant requirements.  To the extent that any deficiencies may have occurred, timely action should be taken to conduct an appropriate documented investigation and risk assessment, and provide any necessary breach notification or other corrective action necessary to correct or mitigate those events.  Because of the potential sensitivity of these activities, health care providers, health plans, health care clearinghouses and their business associations should consider contacting experienced legal counsel to arrange for those activities to be structured to preserve the possibility of using attorney-client privilege or other legal privileges to help defend sensitive communications or evaluations against discovery in the event of a future litigation or administrative investigation.

More Information & Resources

We hope this update is helpful. If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help.  To learn more about Ms. Stamer, her services, experience, publications or involvements; to review or request other developments, publications, resources and tools; or to register for future updates, see www.cynthiastamer.com, see www.cynthiastamer.com; connect on LinkedIn or Facebook; or contact us via e-mail or via telephone at (214) 452 -8297

About The Author

Cynthia Marcotte Stamer is a practicing attorney, management and regulatory affairs consultant, author and lecturer, who has worked extensively on pandemic and other crisis planning, preparedness and response and other business change, risk, compliance and operation management throughout her 30 plus year career.

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, and a Fellow in the American Bar Foundation, the Texas Bar Foundation and the American College of Employee Benefit Counsel, Ms. Stamer is widely recognized for her pragmatic, leading edge work, scholarship and thought leadership on domestic and international, public and private sector health care and managed care, workforce and performance, safety, legal and operational compliance and risk management, crisis preparedness and response, and other essential legal and operational concerns.

Her experience includes extensive work domestically and internationally with hospitals, health care systems, clinics, skilled nursing and other long term care, rehabilitation and other health care facilities; physicians, medical staff and other health care providers and organizations; accreditation, peer review and quality committees and organizations;  health care management and technology and other health and managed care industry clients; self-insured and insured health and other employee benefit plans, their sponsors, fiduciaries, administrators, insurers and service providers and other payers; employers; billing, utilization management, quality, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EHR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.

Board Certified in Labor and Employment Law by the Texas Board of Legal Specialization and the author of “Privacy and the Pandemic Workshop” for the Association of State and Territorial Health Plans and a multitude of other publications and workshops on health and other disaster and other crisis preparedness, risk management and response, as well as a multitude of other health care, workforce and other management and regulatory affairs publications and presentations, Ms. Stamer also shares her thought leadership through her extensive and diverse involvement in a broad range of other professional and civic organizations.  Examples of these involvements include her service as the current American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former JCEB Council Representative;  past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group; former ABA RPTE Employee Benefits & Other Compensation Group Chair and Past Chair and current Co-Chair of its Welfare Benefits Committee;  former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas; former technical advisor to the National Physicians Council on Health Care Policy; former member of the Stem Cell Advisory Committee; and in a multitude of other professional, trade, civic and community service organizations.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE:   These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.  Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.  Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein. ©2020 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™.


University of Rochester Medical Center Paying $3 Million For Unencrypted Laptop & Flash Drive

November 6, 2019

$3 million is the hefty price that the University of Rochester Medical Center (URMC) has agreed to pay to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules arising from the loss of unencrypted laptops and other mobile devices containing protected health information (PHI).  Like prior settlements and civil monetary penalties OCR previously assessed against HIPAA-covered entities for using or storing electronic protected health information (ePHI) on unencrypted mobile devices, the $3 million sanction and other requirements imposed in the   URMC Resolution Agreement and Corrective Action Plan  made public after the close of business on November 5 reaffirm OCR’s readiness to sanction harshly health care providers, health plans, healthcare clearinghouses and businesses associates for the loss or compromise of ePHI due to the covered entity’s failure to appropriately encrypt mobile devices.  Any HIPAA covered entity or business associate that has not already done so must act to avoid a similar fate by establishing and enforcing systematic procedures to ensure all mobile devices using, accessing, storing or otherwise dealing with  ePHI are properly encrypted at all times.

URMC Breach & Resolution Agreement

The URMC Resolution Agreement resolves potential charges resulting from an OCR investigation commenced in response to breach reports UMRC filed with OCR in 2013 and 2017. The breach reports disclosed UMRC’s discovery of the impermissible disclosure of PHI through the loss of an unencrypted flash drive and theft of an unencrypted laptop, respectively. URMC includes healthcare components such as the School of Medicine and Dentistry and Strong Memorial Hospital. URMC is one of the largest health systems in New York State with over 26,000 employees.

OCR’s investigation revealed that URMC failed to conduct an enterprise-wide risk analysis; implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level; utilize device and media controls; and employ a mechanism to encrypt and decrypt electronic protected health information (ePHI) when it was reasonable and appropriate to do so. Of note, in 2010, OCR investigated URMC concerning a similar breach involving a lost unencrypted flash drive and provided technical assistance to URMC. Despite the previous OCR investigation, and URMC’s own identification of a lack of encryption as a high risk to ePHI, URMC permitted the continued use of unencrypted mobile devices.

OCR made a point of reaffirming the requirement to encrypt laptops and other mobile devices containing ePHI when announcing the new Resolution Agreement. “Because theft and loss are constant threats, failing to encrypt mobile devices needlessly puts patient health information at risk,” said Roger Severino, OCR Director. “When covered entities are warned of their deficiencies, but fail to fix the problem, they will be held fully responsible for their neglect.”

As part of its punishment for allowing the ePHI breaches by failing to encrypt mobile devices, URMC must pay a $3 million monetary settlement as well as undertake a corrective action plan that includes two years of monitoring their compliance with the HIPAA Rules.

Mobile Device Encryption Requirement Well-Established

OCR repeatedly through published guidance and reported sanctions repeatedly  has warned covered entities and business associates not to permit ePHI to be used, accessed or stored on unencrypted laptops or other mobile devices.  In 2017, Children’s Medical Center of Dallas (Children’s) paid a  $3,217,000.00 Civil Monetary Penalty (CMP) after OCR issued its January 18, 2017 Final Determination that Children’s for years knowingly violated HIPAA by failing to encrypt or otherwise properly secure ePHI on laptops and other mobile devices and failing to comply with many other HIPAA requirements.  See Learn From Children’s New $3.2M+ HIPAA CMP For “Knowing” Violation of HIPAA Security Rules.   An OCR Newsletter Article on  Guidance on  Mobile Devices and Protected Health Information (PHI), for instance, states:

Entities regulated by the HIPAA Privacy, Security, and Breach Notification Rules (the HIPAA Rules) must be sure to include mobile devices in their enterprise-wide risk analysis and take action(s) to reduce risks identified with the use of mobile devices to a reasonable and appropriate level.
The article also shared insights about some of the steps OCR considers necessary to meet this expectation,  as including:

  • Implement policies for use of mobile devices that are used to handle PHI;
  • Consider using Mobile Device Management (MDM) software to secure mobile devices;
  • Install or enable automatic lock/logoff functions;
  • Require authentication to access devices;
  • Keep devices’ security features updated;
  • Procure encryption, anti-virus/anti-malware software, and remote wipe capabilities;
  • Use a privacy screen to prevent viewing by third-parties;
  • Assure that Wi-Fi networks used are secure;
  • Use a secure Virtual Private Network (VPN);
  • Institute policies regarding downloading third-party apps on devices which access PHI;
  • Delete all PHI from device before disposing of; and
  • Provide training on secure use of mobile devices for all employees.

Covered entities and business associates should promptly and continuously act to ensure on a systematic and carefully documented basis that their organization is taking these and and other steps necessary to ensure that all mobile device with ePHI are always appropriately encrypted.

We hope this information was helpful.  For more information about HIPAA or other related concerns, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates and join discussions about these and other human resources, health and other employee benefit and patient empowerment concerns by participating and contributing to the discussions in our Solutions Law Press Health Care Risk Management & Operations Group and registering for updates on our Solutions Law Press Website.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

As a primary focus of this work, Ms. Stamer has worked extensively with domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers, health industry advocacy and other service providers and groups and other health industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.

Scribe for the ABA JCEB Annual Agency Meeting with OCR, Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer is noted for her decades-long leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns. This involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement; and other strategic and operational concerns.

Author of leading works on HIPAA and a multitude of other health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her services, experience and involvements, e-mail Ms. Stamer here or contact Ms. Stamer via telephone at (214) 452-8297 or see here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides legal risk management and compliance, business strategy and operations,  management, leadership  and other publications, coaching, , training and education tools and other resources on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, we invite you to register to receive other updates and review our other Solutions Law Press, Inc.™ resources available here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc. disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


Beef Up Patient Education & Management Tools With Diabetes Alert Day Resources

March 26, 2019

Physicians and other health care providers concerned about helping patients and others prevent and deal with Type 2 Diabetes should use today’s annual Diabetes Awareness Day observances and resources to beef up their Diabetes screening and management efforts and toolkits.

With 1 in 3 adult Americans at risk for Type 2 diabetes, the Centers for Disease Control (“CDC”) and other public and private organizations partnering in The National Diabetes Prevention Program are urging all physicians and other health care providers to partner in their efforts to prevent, delay and manage Type 2 diabetes.

Celebrated every year on the fourth Tuesday in March, Diabetes Alert Day promotes awareness of the prevalence and risks of undiagnosed or unmanaged Type 2 Diabetes to Americans, American taxpayers, health benefit programs and their communities.

  • More than 30 million people in the United States have diabetes and an additional 84 million adults—over a third—have prediabetes, and 90% of them don’t know they have it.
  • Diabetes is the 7th leading cause of death in the United States (and may be underreported).
  • Type 2 diabetes accounts for about 90% to 95% of all diagnosed cases of diabetes; type 1 diabetes accounts for about 5%.
  • In the last 20 years, the number of adults diagnosed with diabetes has more than tripled as the American population has aged and become more overweight or obese
  • Undiagnosed or unmanaged Type 2 diabetes threatens serious and disabling medical risks for afflicted individuals that also are financially costly for patients and their families, their health plans, taxpayers and communities.

While Type 2 Diabetes and its costs often can be prevented or minimized through appropriate diagnosis and treatment, Type 2 diabetes symptoms often develop over several years and go on for a long time without being noticed.  Health care providers generally recognize the need to screen patients for Type 2 Diabetes as well as educating patients to recognize the factors for Type 2 Diabetes and to contact their physician promptly when experiencing these symptoms, but often have limited time and resources to help educate patients and their families.

To start with, the CDC and its partners are encouraging all health care providers to urge their patients to take the online Type 2 Diabetes Risk, screen and educate patients and promote use of CDC-recognized lifestyle change programs to individuals suffering or at risk for Type 2 diabetes.

To help health care providers participate more effectively in the fight to prevent, detect and manage Type 2 Diabetes, the CDC and its partners provide a number of Diabetes screening and management resources for physicians and other health care providers.  These resources include a variety of patient education and screening tools, resources on Medicare and other coverage for diabetes screening and management, a list of

Physicians and other health care providers should check out the resources available from the CDC and take advantage of some of these resources to beef up their Type 2 and other Diabetes patient education, prevention, screening and management efforts, a directory of CDC-recognized lifestyle change programs and  more

Learn more about Type 2 Diabetes cost modeling, screening, prevention and other health care resources Project Cope: Coalition for Patient Empowerment Newsletter and share your own resources and ideas on diabetes and management and other health care best practices, challenges, policies and concerns by participating in our Linkedin  SLP Health Care Risk Management & Operations Group or COPE: Coalition On Patient Empowerment Group or Project COPE: Coalition on Patient Empowerment Facebook Page

About the Author 

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Ms. Stamer’s legal, management, governmental affairs work and speaking and publications have focused on helping health industry, health benefit and other organizations and their management use the law, performance and risk management tools and process to manage people, performance, quality, compliance, operations and risk.

Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer supports these organizations and their leaders on both a real-time, “on demand” basis as well as outsourced operations or special counsel on an interim, special project, or ongoing basis with strategic planning and product and services development and innovation; workforce and operations management, crisis preparedness and response as well as to prevent, stabilize and cleanup legal and operational crises large and small that arise in the course of operations.

As core components of this work, Ms. Stamer helps health industry, health plans and insurers, health IT, life sciences and other health industry clients manage regulatory, contractual and other compliance; vendors and suppliers; Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other private payer and other terms of participation, medical billing, reimbursement, claims administration and coordination, and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology,  data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care;  internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; 1557 and other Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.

Her clients include public and private, domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers; and other health industry clients to establish and administer compliance and risk management policies; comply with requirements, investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry investigation, enforcement including insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

Author of leading works on a multitude of health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

Heavily involved in health care and health information technology, data and related process and systems development, policy and operations innovation and a Scribe for ABA JCEB annual agency meeting with OCR for many years who has authored numerous highly-regarded works and training programs on HIPAA and other data security, privacy and use, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues including meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and many other concerns. Her work includes both regulatory and public policy advocacy and thought leadership, as well as advising and representing a broad range of health industry and other clients about policy design, drafting, administration, business associate and other contracting, risk assessments, audits and other risk prevention and mitigation, investigation, reporting, mitigation and resolution of known or suspected violations or other incidents and responding to and defending investigations or other actions by plaintiffs, DOJ, OCR, FTC, state attorneys’ general and other federal or state agencies, other business partners, patients and others.

Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, MGMA, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in Pensions, healthcare, workforce, immigration, tax, education and other areas.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; a ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


FDA Announces Emergency Approval of In Vitro Diagnostic Device Ebola Detection in Congo

February 13, 2019

The Food and Drug Administration (FDA) recent approval of an Emergency Use Authorization (EUA) (the “Authorization”) for an in vitro diagnostic device for detection of Ebola virus (species Zaire ebolavirus and hereafter referred to as Ebola virus) reminds Americans and their health care organizations the Ebola virus outbreak in the Democratic Republic of the Congo remains a public health concern for the U.S.

The Approval that was effective as of November 9, 2018 was announced in yesterday’s Federal Register here.

FDA issued the Authorization under the Federal Food, Drug, and Cosmetic Act (the FD&C Act), as requested by Chembio Diagnostic Systems, Inc. as part of a series of continuing efforts to facilitate management of a continuing Ebola outbreak in the Democratic Republic of Congo.

While the Ebola threat has slipped from the public limelight in the US, World Health Organization (WHO) statistics confirm the continuing threat. WHO says 758 confirmed cases, 61 probable cases, 819 total cases, 516 deaths (455 confirmed, 61 probable) have been reported from DRC as of 11 February 2019.

The Authorization contains, among other things, conditions on the emergency use of the authorized in vitro diagnostic device.

The Authorization follows the September 22, 2006, determination by then-Secretary of the Department of Homeland Security (DHS), Michael Chertoff, that the Ebola virus presents a material threat against the U.S. population sufficient to affect national security. On the basis of such determination, the Secretary of Health and Human Services (HHS) declared on August 5, 2014, that circumstances exist justifying the authorization of emergency use of in vitro diagnostic devices for detection of Ebola virus, subject to the terms of any authorization issued under the FD&C Act.

The Approval follows the recent commencement of inoculations for Ebola of health care workers with a new vaccine approved by the FDA recently on a fast tract basis.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of managed care and other health industry, health and other benefit and insurance, workforce and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer has been continuously involved the design, regulation, administration and defense of managed care and other health and employee benefit, health care, human resources and other staffing and workforce arrangements, contracts, systems, and processes.  As a continuous component of this work, Ms. Stamer has worked closely with these and other clients on the design, development, administration, defense, and breach and data recovery of health care, workforce, insurance and financial services, trade secret and other information technology, data and related process and systems development, policy and operations throughout her career.

Scribe of the ABA JCEB annual Office of Civil Rights agency meeting, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues.

Ms. Stamer’s clients include public and private, domestic and international hospitals, health care systems, clinics, skilled nursing, long-term care, rehabilitation and other health care providers and facilities; medical staff, health care accreditation, peer review and quality committees and organizations; employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors;  managed care organizations, insurers, self-insured health plans and other payers and their management; managed care organizations, insurers, third-party administrative services organizations and other payer organizations; billing, utilization management, management services organizations; group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; claims, billing and other health care and insurance technology and data service organizations; other health, employee benefit, insurance and financial services product and solutions consultants, developers and vendors; and other health, employee benefit, insurance, technology, government and other management clients.

A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer has been extensively involved in U.S. federal, state and local health care and other legislative and regulatory reform impacting these concerns throughout her career. Her public policy and regulatory affairs experience encompasses advising and representing domestic and multinational private sector health, insurance, employee benefit, employer, staffing and other outsourced service providers, and other clients in dealings with Congress, state legislatures, and federal, state and local regulators and government entities, as well as providing advice and input to U.S. and foreign government leaders on these and other policy concerns.

Beyond her public policy and regulatory affairs involvement, Ms. Stamer also has extensive experience helping these and other clients to design, implement, document, administer and defend workforce, employee benefit, insurance and risk management, health and safety, and other programs, products and solutions, and practices; establish and administer compliance and risk management policies; comply with requirements, investigate and respond to government; accreditation and quality organizations; private litigation and other federal and state health care industry investigations and enforcement actions; evaluate and influence legislative and regulatory reforms and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns. Ms. Stamer’s experience in these matters includes supporting these organizations and their leaders on both a real-time, “on demand” basis with crisis preparedness, intervention and response as well as consulting and representing clients on ongoing compliance and risk management; plan and program design; vendor and employee credentialing, selection, contracting, performance management and other dealings; strategic planning; policy, program, product and services development and innovation; mergers, acquisitions, and change management; workforce and operations management, and other opportunities and challenges arising in the course of their operations.

Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending plan sponsors, administrators, insurance and managed care organizations, health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and employer and association group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions. Scribe for the ABA JCEB annual agency meeting with HHS OCR, she also has worked extensively on health and health benefit coding, billing and claims, meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical, workforce, consumer financial and other data confidentiality and privacy, federal and state data security, data breach and mitigation, and other information privacy and data security concerns.

Author of leading works on a multitude of health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long-term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about contracting, credentialing and quality assurance,  compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters. Author of works on Payer and Provider Contracting and many other managed care concerns, Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2019. Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


2/11/19 Deadline To Comment On Reducing HIPAA Regulatory Burden

December 13, 2018

February 12, 2019 is the deadline for health care providers, health plans, health care clearinghouses, their business associates, health care consumers, employer and other plan sponsors and fiduciaries, and other concerned persons to provide input on reducing the regulatory burdens of the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules in response to the December 12, 2018 invitation of the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR).

OCR issued the invitation for public comment in a December 12, 2019 Request for Information (RFI).  The RIF seeks input from the public on how OCR’s HIPAA Privacy and other Rules could be modified to further the HHS Secretary’s goal of promoting coordinated, value-based healthcare. This RFI is a part of the Regulatory Sprint to Coordinated Care, an initiative led by HHS Deputy Secretary Eric Hargan.

HHS developed the HIPAA Rules to protect individuals’ health information privacy and security interests, while permitting information sharing needed for important purposes. However, in recent years, OCR has heard calls to revisit aspects of the Rules that may limit or discourage information sharing needed for coordinated care or to facilitate the transformation to value-based health care. The RFI requests information on any provisions of the HIPAA Rules that may present obstacles to these goals without meaningfully contributing to the privacy and security of protected health information (PHI) and/or patients’ ability to exercise their rights with respect to their PHI.

OCR’s December 12, 2018 press release concerning the RFI indicates that OCR is looking for candid feedback about how the existing HIPAA regulations are working in the real world and how OCR can improve them to improve quality of care and eliminate undue burdens on covered entities while maintaining robust privacy and security protections for individuals’ health information.

In addition to requesting broad input on the HIPAA Rules, the RFI also seeks comments on specific areas of the HIPAA Privacy Rule, including:

  • Encouraging information-sharing for treatment and care coordination
  • Facilitating parental involvement in care
  • Addressing the opioid crisis and serious mental illness
  • Accounting for disclosures of PHI for treatment, payment, and health care operations as required by the HITECH Act
  • Changing the current requirement for certain providers to make a good faith effort to obtain an acknowledgment of receipt of the Notice of Privacy Practices

Public comments on the RFI are due by February 11, 2019.

The RFI follows up on OCR’s announcement of another series of high dollar resolution agreements against covered entities and business associates for alleged breaches of HIPAA’s Privacy or Security Rules, as well as publication of various new guidance intended to help patients, their families, covered entities, business associates and others understand when HIPAA restricts or allows the release of protected health information by covered entities and business associates in mass shooting or other disaster situations, when dealing with patients with substance abuse or mental health conditions and in various other scenarios.  Covered entities, their business associates as well as employer and other health plan sponsors, fiduciaries and others involved with protected health information transactions and disclosures should review this new guidance and evaluate its implications on their actions and practices in addition to sharing input with OCR about opportunities to improve existing HIPAA Rules.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of managed care and other health industry, health and other benefit and insurance, workforce and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer has been continuously involved the design, regulation, administration and defense of managed care and other health care and health benefit arrangements, contracts, systems, and processes throughout her career.  In addition to her extensive provider and payer contracting work, Ms. Stamer also is recognized for her knowledge, experience and leadership on health benefit, health care, health, financial and other information technology, data and related process and systems development, policy and operations throughout her career, and scribe of the ABA JCEB annual Office of Civil Rights agency meeting, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors;  managed care organizations, insurers, self-insured health plans and other payers and their management; public and private, domestic and international hospitals, health care systems, clinics, skilled nursing, long-term care, rehabilitation and other health care providers and facilities; medical staff, health care accreditation, peer review and quality committees and organizations; managed care organizations, insurers, third-party administrative services organizations and other payer organizations; billing, utilization management, management services organizations; group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; claims, billing and other health care and insurance technology and data service organizations; other health, employee benefit, insurance and financial services product and solutions consultants, developers and vendors; and other health, employee benefit, insurance, technology, government and other management clients.

A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer has been extensively involved in U.S. federal, state and local health care and other legislative and regulatory reform impacting these concerns throughout her career. Her public policy and regulatory affairs experience encompasses advising and representing domestic and multinational private sector health, insurance, employee benefit, employer, staffing and other outsourced service providers, and other clients in dealings with Congress, state legislatures, and federal, state and local regulators and government entities, as well as providing advice and input to U.S. and foreign government leaders on these and other policy concerns.

Beyond her public policy and regulatory affairs involvement, Ms. Stamer also has extensive experience helping these and other clients to design, implement, document, administer and defend workforce, employee benefit, insurance and risk management, health and safety, and other programs, products and solutions, and practices; establish and administer compliance and risk management policies; comply with requirements, investigate and respond to government; accreditation and quality organizations; private litigation and other federal and state health care industry investigations and enforcement actions; evaluate and influence legislative and regulatory reforms and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns. Ms. Stamer’s experience in these matters includes supporting these organizations and their leaders on both a real-time, “on demand” basis with crisis preparedness, intervention and response as well as consulting and representing clients on ongoing compliance and risk management; plan and program design; vendor and employee credentialing, selection, contracting, performance management and other dealings; strategic planning; policy, program, product and services development and innovation; mergers, acquisitions, and change management; workforce and operations management, and other opportunities and challenges arising in the course of their operations.

As a key part of this work, Ms. Stamer throughout her career regularly has worked with health care providers and payers, employer and other health benefit plan sponsors and vendors, health industry, insurers, health IT, life sciences and other health and insurance industry clients design, document and enforce managed care and other contracts, benefit plans and insurance arrangements, practices, policies, systems and solutions; manage regulatory, contractual and other legal and operational compliance; vendors, supplier, and patient and member relations and requirements; deal with Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA, state insurance law and other private payer rules and requirements; contracting; licensing; terms of participation; medical billing, reimbursement, claims administration and coordination, and other provider-payer relations; reporting and disclosure, government investigations and enforcement, privacy and data security; and other compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; HIPAA administrative simplification, meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA, HEDIS and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; 1557 and other Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.

Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending plan sponsors, administrators, insurance and managed care organizations, health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and employer and association group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions. Scribe for the ABA JCEB annual agency meeting with HHS OCR, she also has worked extensively on health and health benefit coding, billing and claims, meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical, workforce, consumer financial and other data confidentiality and privacy, federal and state data security, data breach and mitigation, and other information privacy and data security concerns.

Author of leading works on a multitude of health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long-term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about contracting, credentialing and quality assurance,  compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters. Author of works on Payer and Provider Contracting and many other managed care concerns, Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2018 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


Allergy Practice $125,000 Settlement Reminds Health Care Providers, Other HIPAA Entities Of Press-Related HIPAA Risk

November 27, 2018

Physician practices and other health care providers, health plans and insurers, health care clearinghouses (“Covered Entities”) and their business associates should learn from the costly schooling the Allergy Associates of Hartford, P.C. (“Allergy Associates”) is paying to settle charges that its physician violated the Privacy Rules of the Health Insurance Portability and Accountability Act (“HIPAA”) by commenting to a reporter on a patient complaint under a Resolution Agreement and Corrective Action Plan (“Resolution Agreement”) announced by the Department of Health & Human Services (HHS) Office of Civil Rights (“OCR”) yesterday (November 26, 2018).  The latest in a series of OCR HIPAA settlements arising from health care providers improperly discussing or disclosing protected health information (PHI) with the press or other media, the Resolution Agreement reminds health care providers and other HIPAA-Covered Entities and their business associates not to discuss or disclose PHI  with the media or others without first obtaining a HIPAA compliant authorization even to respond to accusations made by the patient or others.

Allergy Associates HIPAA Complaint Charge & Resolution

On November 26, 2018, OCR announced  that Allergy Associates, a three doctor health care practice that specializes in treating individuals with allergies at four locations across Connecticut, has agreed to pay OCR $125,000 and take corrective action under the Resolution Agreement to resolve charges that the comments a physician made to a reporter on a patient dispute with the practice in 2015 violated HIPAA.

According to OCR, the disclosure of patient information that prompted OCR’s HIPAA charges resulted from a physician associated with the practice commenting to a local television station reporter doing on a story about a disabled patient’s complaint to the station that Allergy Associates turned her away from a scheduled appointment because of her use of a service animal.  After the patient contacted the television statement to complain about being turned away by the practice when accompanied by her service animal, the Resolution Agreement indicates that the station contacted the doctor for comment about the dispute between the Allergy Associates’ doctor and the patient.  Although OCR reports its investigation revealed that Allergy Associates’ Privacy Officer instructed the doctor to either not respond to the media or respond with “no comment,” the doctor nevertheless accepted the television station reporter’s invitation to comment and discussed the dispute with the reporter.

The physician’s comments to the reporter were brought to the attention of OCR when OCR received a copy of an October 6, 2015, HHS civil rights complaint filed on behalf of the patient with the Department of Justice, Connecticut, U.S. Attorney’s Office (DOJ) by the Connecticut Office of Protection and Advocacy for Persons with Disabilities (OPA).  In response to this complaint, OCR initiated a joint investigation with DOJ into the civil rights allegations against Allergy Associates. The complaint also alleged that Allergy Associates impermissibly disclosed the patient’s PHI in violation of HIPAA.

OCR found the physician’s discussion of the patient’s complaint without first obtaining a HIPAA-complaint authorization from the patient both violated HIPAA and demonstrated a reckless disregard for the patient’s HIPAA privacy rights.  Additionally, Resolution Agreement also states that OCR’s investigation revealed that Allergy Associates did not take any disciplinary or other corrective action against the doctor after learning of his impermissible disclosure to the media.

To resolve the HIPAA charges, Allergy Associates agrees in the Resolution Agreement and Corrective Action Plan to pay $125,000 as well as to undertake a corrective action plan that includes two years of monitoring their compliance with the HIPAA Rules.

Other Providers Also Paid High Price To OCR For Sharing PHI With Media

Of course, OCR enforcement action against and Resolution Agreement with Allergy Associates is just one of several reported OCR actions against health care providers for improperly disclosing or allowing the press or other media access to PHI without patient authorization.

For instance, a Resolution Agreement announced by OCR on June 14, 2013 required Shasta Regional Medical Center (SRMC) to pay OCR $275,000 and implement a series of corrective actions for using and disclosing to the media PHI of a patient while trying to perform public relations damage control against accusations reported in the media that SRMC had engaged in fraud or other misconduct when dealing with the patient.   That Resolution Agreement resulted from OCR investigating a January 4, 2012 Los Angeles Times article report that two SRMC senior leaders had met with media to discuss medical services provided to a patient.  OCR’s investigation indicated that SRMC failed to safeguard the patient’s PHI from impermissible disclosure by intentionally disclosing PHI to multiple media outlets on at least three separate occasions, without a valid written authorization. OCR’s review also revealed senior management at SRMC impermissibly shared details about the patient’s medical condition, diagnosis and treatment in an email to the entire workforce.  Further, SRMC failed to sanction its workforce members for impermissibly disclosing the patient’s records pursuant to its internal sanctions policy.

The sanctions were even greater in the May 10, 2017 Resolution Agreement and Corrective Action Plan OCR announced with the largest not-for-profit health system in Southeast Texas, Memorial Hermann Health System (MHHS) for issuing a press release with the name and other PHI  about a patient arrested and charged with presenting an allegedly fraudulent identification card to MHHS office staff to fraudulently obtain care without first obtaining a HIPAA-compliant authorization from the patient. MHHS paid OCR a $2.4 million resolution payment to resolve HIPAA charges OCR brought against MHHS as well as agreed to implement a detailed corrective action plan.  See $2.4M HIPAA Settlement Warns Providers About Media Disclosures Of PHI.

The costs of resolution have been even higher when OCR has addressed disclosures to media made by health care providers or other Covered Entities that allowed their desire for media publicity and coverage of their organizations ahead of patient privacy.  For instance, OCR collected a $2.2 million resolution payment from New York Presbyterian Hospital (NYP) for allowing unauthorized filming and photographing of patients in its facility by a television film crew and other staff filming for the television program “NY Med”  in the hospital.  See $2 Million+ HIPAA Settlement, FAQ Warn Providers Protect PHI From Media, Other Recording Or Use.

Furthermore, earlier this year OCR collected a total of $999,0000 from Boston Medical Center (BMC), Brigham and Women’s Hospital (BWH), and Massachusetts General Hospital (MGH)(collectively, the “Hospitals”) for putting publicity before patient privacy by allowing ABC News documentary film crews to film patients and access other patient information for a news documentary without obtaining prior patient authorization under three settlement agreements with the Hospitals announced by OCR in September, 2018.  The payments were made under three separate settlement agreements between OCR and each respective Hospital made public by OCR in connection with the September 20, 2018 announcement stemming from the Hospital’s allowing ABC film crews to film in patient treatment and other areas for  the ABC medical documentary “Save My Life: Boston Trauma” series.  See $999K Price Hospitals Pay To Settle HIPAA Privacy Charges From Allowing ABC To Film Patients Without Authorization.

OCR’s concern about and intolerance for improper disclosures of PHI to the media by health care providers and other Covered Entities is further demonstrated by OCR’s publication of  its 2016 Frequently Asked Question (Media FAQ) addressing Covered Entities’ responsibilities when dealing with the media coincident with OCR’s announcement of its Resolution Agreement with NYP in 2016.   The Allergy Associates’ Resolution Agreement further reinforces OCR’s continuing commitment to hold health care providers and other Covered Entities and their business associates accountable for complying with HIPAA when dealing with the press and other media.  In the fact of this commitment, health care providers and other Covered Entities must take the necessary steps to implement the appropriate policies, training and controls to ensure that they and their staff and representatives comply with these directives when dealing with press and other media.

Resolution Agreement Also Highlights Need For Sensitivity When Dealing With Disabled Patients With Service Animals

Beyond the HIPAA charges and settlement discussed in the Resolution Agreement, health care providers and other Covered Entities also should heed the factual circumstances that prompted the television interview of the Allergy Associates’ physician that prompted the OCR HIPAA enforcement action as a precautionary warning to ensure that their policies, procedures and staff training for dealing with disabled patients supported by service animals are defensible legally and in the court of public opinion.

The Allergy Associates Resolution Agreement states that OCR’s HIPAA investigation was conducted in response to and in tandem with a Department of Justice (“Justice Department”) Office of Civil Rights investigation of a complaint that Allergy Associates violated the patient’s civil rights by improperly refusing to allow the patient’s service animal to accompany the patient during the patient’s appointment.  The patient’s complaint about the practice that the television reporter asked for and obtained the comments from the Allergy Associates’ physician that OCR found violated HIPAA related to Allergy Associates refusing to allow the patient to be accompanied by her service animal during her appointment with Allergy Associates.

While research as of the date of the publication of this article did not uncover any published record of any Justice Department prosecution or settlement or other official notification concerning the Justice Department civil rights investigation against Allergy Associates, the Justice Department Office of Civil Rights as well as the HHS OCR Civil Rights Division have in the past pursued enforcement action against health care providers and others for improperly restricting or denying access to care or facilities by disabled persons based on their accompaniment by service animals.

Title III of the Americans With Disabilities Act (“ADA”) generally prohibits places of public accommodations, including the professional office of a health care provider, from discriminating against any individual on the basis of disability in the full and equal enjoyment of the goods, services, facilities, privileges, advantages, or accommodations of any place of public accommodation, by any person who owns, leases (or leases to), or operates a place of public accommodation, including health care services. 42 U.S.C. § 12182(a); 28 C.F.R. § 36.201. The ADA also requires that such entities make reasonable modifications in policies, practices, or procedures to permit the use of service animals by people with disabilities. 42 U.S.C. § 12182(b)(2)(A)(ii); 28 C.F.R. § 36.302(c).  Health care providers also generally are prohibited from discriminating against and required to provide accommodation to individuals with disabilities under the Rehabilitation Act and the Medicare statutes.

The Justice Department, HHS and courts have interpreted these disability prohibition and accommodation laws as making it illegal for a health care provider or its agent to fail to make reasonable accommodations for a person with a service animal unless the health care provider proves (1) the accommodations would fundamentally alter the nature of the facility or service it provides; or (2) based upon an individual assessment, the hospital determines that the service animal poses a substantial and direct threat to health or safety which cannot be mitigated by reasonable accommodations.  See, e.g., Tamara v. El Comino Hospital, 964 F.Supp.2d 1077 (N.D.Ca. 2013).

While other types of discriminatory actions by health care providers found to be in violation of these rules often trigger substantial damage awards, administrative penalties, disqualification or restriction of Medicare and other federal program participation for violation of Conditions of Participation, to date the reported agency and judicial enforcement actions brought against health care providers for improperly refusing to allow service animals to accompany patients when accessing facilities or receiving care generally have ordered injunctive or other corrective action but have not imposed substantial damage or administrative penalties upon the culpable provider.  Health care providers should avoid the temptation to underestimate the potential seriousness or liability that their organization is likely to incur based on the current lack of substantial financial damage awards or administrative sanctions, however.  The 11th Circuit’s ruling in Sheely v. MRI Radiology Network, P.A., 505 F.3d 1173 (11th Cir. 2007), that noneconomic compensatory damages were available as a remedy for the emotional distressed caused by the violation under the Rehabilitation Act and that the voluntary correction of its policies during the pendency of the litigation did not render moot Sheely’s claim for monetary relief clearly opens the door for a jury to award substantial damages against a health care provider when the jury perceives the circumstances warrant.   Furthermore, health care providers need to keep in mind the typically financial and operational burdens of defending litigation or a Justice Department or HHS OCR Civil Rights investigation and costs of implementation and compliance with administrative or injunctive orders to take corrective action as well as the negative public relations attend these types of complaints, their investigation and resolution. Moreover, health care providers participating in Medicare, Medicaid or other federal health care programs also need to take into account the possibility that an alleged violation of these nondiscrimination rules also can serve as a basis for investigation of compliance with applicable Conditions of Participation for program participation and reimbursement.  Considering these risks, physician and other health care providers should heed the reminder of their obligations to offer and provide proper accommodation to allow appropriate access to disabled individuals with disabilities  requiring service animal support and take steps to review and update their policies, practices and staff training to minimize the risk of potential charges of violation of these requirements.

Health Care Providers, Other Covered Entities Encouraged To Act To Manage HIPAA & Disability Accommodation Risks

The Allergy Associates and other HIPAA Resolution Agreements arising from improper sharing of PHI with the press or other media make clear the need for health care providers and other Covered Entities to exercise great care when dealing with the press and other media.

Clearly, health care providers and other Covered Entities should heed the warning by conducting a risk assessment of their organization’s susceptibility to potential improper disclosures to media or others and reviewing and implementing necessary written policies, procedures and training to prevent the improper disclosure of patient PHI to media or others unless the Covered Entity either secures prior HIPAA-compliant authorization from the patient or can prove the disclosure falls squarely under an exception to the Privacy Rule’s prohibition against disclosure of PHI without authorization except as allowed by the Privacy Rule.

Based on experiences reported in the Allergy Associates and other Resolution Agreements and OCR guidance concerning media disclosures, Covered Entities also generally will want to ensure that their policies, procedures and training extend to all potential sources of communications that could involve patient information and make clear that the Privacy Rule restrictions must be followed even if the circumstances involve allegations of misconduct, special performance by healthcare providers or others that it would benefit the organization or certain individuals to have known to the public, or other circumstances likely to be of interest to the media or other parties.

As part of this process, health care providers and other Covered Entities should ensure they look outside the four corners of their Privacy Policies to ensure that appropriate management, supervision, training and direction is provided to address media, practice transition, workforce communication and other policies and practices that may be covered by pre-existing or other policies of other departments or operational elements not typically under the direct oversight and management of the Privacy Officer such as media relations. Media relations, physician and patients affairs, outside legal counsel, media relations, marketing and other internal and external departments and consultants dealing with the media, the public or other inquiries or disputes should carefully include and coordinate with the privacy officer both to ensure appropriate policies and procedures are followed and proper documentation created and retained to show authorization, account, or meet other requirements.

In conducting this analysis and risk assessment, it also is important that Covered Entities include, but also look beyond the four corners of their Privacy Policies to ensure that their review and risk assessment identifies and assesses and addresses compliance risks on an entity wide basis. This entity-wide assessment should include both communications and requests for information normally addressed to the Privacy Officer as well as requests and communications that could arise in the course of media or other public relations, practice transition, workforce communication and other operations not typically under the direct oversight and management of the Privacy Officer.

For this reason, Covered Entities also generally will not only to adopt and implement specific policies, processes and training in these other departments to prohibit and prevent inappropriate disclosures of PHI in the course of those departments operations. As part of these processes, Covered Entities generally will want to implement a  pre-established process for reviewing media or other communications for potential PHI content which includes a requirement for  prior review of any proposed public relations and other internal or external communications containing patient PHI or other information by the privacy officer, legal counsel or another suitably qualified party.

Because of the high risk that the preparation or review of media or other public communications reports will involve the use and disclosure of PHI, Covered Entities also generally should verify that all outside media or public relations, legal, or other outside service providers participating in the investigation, response or preparation or review of communications to the media or others both are covered by signed business associate agreements that fulfill the Privacy Rule and other requirements of HIPAA as well as possess detailed knowledge and understanding of the Privacy and Security Rules suitable to participate in and help safeguard the Covered Entity against violations of these and other Privacy Rules. See e.g., Latest HIPAA Resolution Agreement Drives Home Importance Of Maintaining Current, Signed Business Associate Agreements.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of managed care and other health industry, health and other benefit and insurance, workforce and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer has been continuously involved the design, regulation, administration and defense of managed care and other health care and health benefit arrangements, contracts, systems, and processes throughout her career.  In addition to her extensive provider and payer contracting work, Ms. Stamer also is recognized for her knowledge, experience and leadership on health benefit, health care, health, financial and other information technology, data and related process and systems development, policy and operations throughout her career, and scribe of the ABA JCEB annual Office of Civil Rights agency meeting, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors;  managed care organizations, insurers, self-insured health plans and other payers and their management; public and private, domestic and international hospitals, health care systems, clinics, skilled nursing, long-term care, rehabilitation and other health care providers and facilities; medical staff, health care accreditation, peer review and quality committees and organizations; managed care organizations, insurers, third-party administrative services organizations and other payer organizations; billing, utilization management, management services organizations; group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; claims, billing and other health care and insurance technology and data service organizations; other health, employee benefit, insurance and financial services product and solutions consultants, developers and vendors; and other health, employee benefit, insurance, technology, government and other management clients.

A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer has been extensively involved in U.S. federal, state and local health care and other legislative and regulatory reform impacting these concerns throughout her career. Her public policy and regulatory affairs experience encompasses advising and representing domestic and multinational private sector health, insurance, employee benefit, employer, staffing and other outsourced service providers, and other clients in dealings with Congress, state legislatures, and federal, state and local regulators and government entities, as well as providing advice and input to U.S. and foreign government leaders on these and other policy concerns.

Beyond her public policy and regulatory affairs involvement, Ms. Stamer also has extensive experience helping these and other clients to design, implement, document, administer and defend workforce, employee benefit, insurance and risk management, health and safety, and other programs, products and solutions, and practices; establish and administer compliance and risk management policies; comply with requirements, investigate and respond to government; accreditation and quality organizations; private litigation and other federal and state health care industry investigations and enforcement actions; evaluate and influence legislative and regulatory reforms and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns. Ms. Stamer’s experience in these matters includes supporting these organizations and their leaders on both a real-time, “on demand” basis with crisis preparedness, intervention and response as well as consulting and representing clients on ongoing compliance and risk management; plan and program design; vendor and employee credentialing, selection, contracting, performance management and other dealings; strategic planning; policy, program, product and services development and innovation; mergers, acquisitions, and change management; workforce and operations management, and other opportunities and challenges arising in the course of their operations.

As a key part of this work, Ms. Stamer throughout her career regularly has worked with health care providers and payers, employer and other health benefit plan sponsors and vendors, health industry, insurers, health IT, life sciences and other health and insurance industry clients design, document and enforce managed care and other contracts, benefit plans and insurance arrangements, practices, policies, systems and solutions; manage regulatory, contractual and other legal and operational compliance; vendors, supplier, and patient and member relations and requirements; deal with Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA, state insurance law and other private payer rules and requirements; contracting; licensing; terms of participation; medical billing, reimbursement, claims administration and coordination, and other provider-payer relations; reporting and disclosure, government investigations and enforcement, privacy and data security; and other compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; HIPAA administrative simplification, meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA, HEDIS and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; 1557 and other Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.

Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending plan sponsors, administrators, insurance and managed care organizations, health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and employer and association group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions. Scribe for the ABA JCEB annual agency meeting with HHS OCR, she also has worked extensively on health and health benefit coding, billing and claims, meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical, workforce, consumer financial and other data confidentiality and privacy, federal and state data security, data breach and mitigation, and other information privacy and data security concerns.

Author of leading works on a multitude of health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long-term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about contracting, credentialing and quality assurance,  compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters. Author of works on Payer and Provider Contracting and many other managed care concerns, Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2018 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


Apply for 2019 CDC Externships in Public Health Law By 1/31/19

November 21, 2018

Now is the time to apply for selection to participate in the Center for Disease Control (CDC)  Public Health Law Program (PHLP).

The PHLP offers externships in public health law, tribal public health law, and public health administration and communications. The externships consist of 9–14 weeks of professional work experience with PHLP in Atlanta, Georgia. With rolling start and completion dates during the academic year, unpaid externships must qualify for academic credit as authorized by law and public health schools. Applications for summer 2019 positions are due by January 31, 2019.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Ms. Stamer’s legal, management, governmental affairs work and speaking and publications have focused on helping health industry, health benefit and other organizations and their management use the law, performance and risk management tools and process to manage people, performance, quality, compliance, operations and risk.

Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include public and private, domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers; and other health industry clients as well as a diverse array of other business and government entities. Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.

Ms. Stamer supports these organizations and their leaders on both a real-time, “on demand” basis as well as outsourced operations or special counsel on an interim, special project, or ongoing basis with operational compliance and risk management; strategic planning; product and services development and innovation; workforce and operations management: crisis preparedness and response; public and regulatory affairs and host of other concerns.

As part of this work, Ms. Stamer continuously advises clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters.   She helps clients to establish and administer compliance and risk management policies; comply with requirements, investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry investigation, enforcement including insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.  She also helps health industry, health plans and insurers, health IT, life sciences and other health industry clients manage regulatory, contractual and other legal and operational compliance; vendors and suppliers; Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other private payer and other terms of participation, medical billing, reimbursement, claims administration and coordination, and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology,  data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care;  internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; 1557 and other Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

Heavily involved in health care and health information technology, data and related process and systems development, policy and operations innovation and a Scribe for ABA JCEB annual agency meeting with OCR for many years who has authored numerous highly-regarded works and training programs on HIPAA and other data security, privacy and use, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues including meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and many other concerns. Her work includes both regulatory and public policy advocacy and thought leadership, as well as advising and representing a broad range of health industry and other clients about policy design, drafting, administration, business associate and other contracting, risk assessments, audits and other risk prevention and mitigation, investigation, reporting, mitigation and resolution of known or suspected violations or other incidents and responding to and defending investigations or other actions by plaintiffs, DOJ, OCR, FTC, state attorneys’ general and other federal or state agencies, other business partners, patients and others.

As part of this work, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, MGMA, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer also continuously works with a diverse array of clients to monitor, shape and respond to federal and state legislative, regulatory, enforcement and other public policy and regulatory affairs concerns.

Author of leading works on a multitude of these and other concerns, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, and Board Certified by the Texas Board of Legal Specialization in Labor and Employment Law, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; a ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or experience publications, speaking, public advocacy or other involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2018 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


Trump Signs Sweeping Opiate Prescription & Treatment Reform Bill Into Law

October 24, 2018

Today (October 24, 2018), President Trump signed into law bill he and Congress hope will combat the opioid crisis, H.R. 6, the Substance Use-Disorder Prevention that Promotes Opioid Recovery and Treatment (SUPPORT) for Patients and Communities Act.

The bipartisan law takes aim at the U.S. Opiate Addiction Epidemic by combining over 70 bills from the House and Senate to combat the opioid crisis, including:

  • H.R. 5773Preventing Addiction for Susceptible Seniors (PASS) Act, which ombines several member bills that aim to prevent opioid overuse by increasing program integrity efforts and resources for beneficiaries to help ensure that they are properly adhering to their prescribed pain medications.
  • H.R. 5775Providing Reliable Options for Patients and Educational Resources (PROPER) Act, which combines several member bills that aim to increase educational resources for Medicare beneficiaries. These resources ensure beneficiaries are aware of the adverse effects of prolonged opioid use and their coverage options for the treatment of pain. The PROPER ACT also eliminates pain-related questions from required patient satisfaction surveys in hospitals.
  • H.R. 5774Combating Opioid Abuse for Care in Hospitals (COACH) Act, which combines several member bills that aim to educate providers and beneficiaries to reduce opioid use, and promotes the development and adoption of quality measure related to opioid use and opioid use disorder treatments.
  • H.R. 6110Dr. Todd Graham Pain Management, Treatment, and Recovery Act, which combines several member bills that aim to eliminate Medicare payment incentives to prescribe opioids instead of non-opioid pain management treatments and expand access to non-opioid alternatives and substance use disorder treatment, including in underserved and rural areas.
  • H.R. 5723Expanding Oversight of Opioid Prescribing and Payment Act, which examines incentives under Medicare hospital payments for prescribing of opioids relative to non-opioid alternatives and the ability to track and monitor opioid use through Medicare claims.
  • H.R. 5676Stop Excessive Narcotics in our Retirement (SENIOR) Communities Protection Act, which extends the authority of Medicare Prescription Drug Plans to suspend payments pending an investigation of a credible allegation of fraud against the provider or supplier in the same manner already available under Medicare fee-for-service today.
  • H.R. 5788Synthetics Trafficking and Overdose Prevention Act of 2018 (STOP Act of 2018), which requires the United States Postal Service to obtain advance electronic data on international mail shipments, which will allow U.S. Customs and Border Protection to target high-risk shipments – including those containing synthetic opioids – for inspection and seizure at the border.

The above bills included measures from many of the following pieces of legislation:

  • H.R. 5675, To amend title XVIII of the Social Security Act to require prescription drug plan sponsors under the Medicare program to establish drug management programs for at-risk beneficiaries.
  • H.R 4841, Standardizing Electronic Prior Authorization for Safe Prescribing.
  • H.R. 5676Stop Excessive Narcotics in our Retirement (SENIOR) Communities Protection Act.
  • H.R.5684, Protecting Seniors from Opioid Abuse Act.
  • H.R. 5699Hospital Opioid Solutions Toolkit (HOST) Act.
  • H.R. T5686, Medicare Clear Health Options in Care for Enrollees (CHOICE) Act.
  • H.R. 5715­­, Strengthening Partnerships to Prevent Opioid Abuse Act.
  • H.R. 5716Commit to Opioid Medical Prescriber Accountability and Safety for Seniors (COMPASS) Act.
  • H.R. 5723Expanding Oversight of Opioid Prescribing and Payment Act.
  • H.R. 5718, Perioperative Reduction of Opioids (PRO) Act.
  • H.R. 5714Education for Disposal of Unused (EDU) Opioids Act.
  • H.R. 5719Reduce Overprescribing Opioids in Treatment (ROOT) Act.
  • H.R. 5725Benefit Evaluation of Safe Treatment (BEST) Act.
  • H.R. 5722Dr. Todd Graham Pain Management Improvement Act of 2018.
  • H.R. 5779 Promoting Quality of Care in Pain Management Act.
  • H.R. 5777, Centralized Opioid Guidance (COG) Act of 2018.
  • H.R. 5790A bill to amend title XI of the Social Security Act to provide for clinical psychologist services models to be tested by the Center for Medicare and Medicaid Innovation, and for other purposes.
  • H.R. 5769, Expanding Access to Treatment Act of 2018.
  • H.R. 5080A bill based on the Comprehensive Opioid Management and Bundled Addiction Treatment (COMBAT) Act of 2018.
  • H.R. 5778, Promoting Outpatient Access to Non-Opioid Treatments Act.

The sweeping legislation will significantly impact the responsibilities of providers prescribing opiates as well as impact the legal and illegal access of patients to these medications, treatment for opiate dependency, and reimbursement for opiate and other related care.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Ms. Stamer’s legal, management, governmental affairs work and speaking and publications have focused on helping health industry, health benefit and other organizations and their management use the law, performance and risk management tools and process to manage people, performance, quality, compliance, operations and risk.

Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include public and private, domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers; and other health industry clients as well as a diverse array of other business and government entities. Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.

Ms. Stamer supports these organizations and their leaders on both a real-time, “on demand” basis as well as outsourced operations or special counsel on an interim, special project, or ongoing basis with operational compliance and risk management; strategic planning; product and services development and innovation; workforce and operations management: crisis preparedness and response; public and regulatory affairs and host of other concerns.

As part of this work, Ms. Stamer continuously advises clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters.   She helps clients to establish and administer compliance and risk management policies; comply with requirements, investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry investigation, enforcement including insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.  She also helps health industry, health plans and insurers, health IT, life sciences and other health industry clients manage regulatory, contractual and other legal and operational compliance; vendors and suppliers; Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other private payer and other terms of participation, medical billing, reimbursement, claims administration and coordination, and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology,  data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care;  internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; 1557 and other Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

Heavily involved in health care and health information technology, data and related process and systems development, policy and operations innovation and a Scribe for ABA JCEB annual agency meeting with OCR for many years who has authored numerous highly-regarded works and training programs on HIPAA and other data security, privacy and use, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues including meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and many other concerns. Her work includes both regulatory and public policy advocacy and thought leadership, as well as advising and representing a broad range of health industry and other clients about policy design, drafting, administration, business associate and other contracting, risk assessments, audits and other risk prevention and mitigation, investigation, reporting, mitigation and resolution of known or suspected violations or other incidents and responding to and defending investigations or other actions by plaintiffs, DOJ, OCR, FTC, state attorneys’ general and other federal or state agencies, other business partners, patients and others.

As part of this work, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, MGMA, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer also continuously works with a diverse array of clients to monitor, shape and respond to federal and state legislative, regulatory, enforcement and other public policy and regulatory affairs concerns.

Author of leading works on a multitude of these and other concerns, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, and Board Certified by the Texas Board of Legal Specialization in Labor and Employment Law, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; a ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or experience publications, speaking, public advocacy or other involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2018 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


Congress Set To Pass Opiate Addition Crisis Bill

September 26, 2018

Legislation targeting opiate addition crisis in the United States is heading to President Trump for signature.

Yesterday (September 25, 2018), House and Senate leaders reached an agreement on the reconciliation of differences in versions of legislation passed in the House and Senate targeting opiate and other drug addition crisis.

The Opiate Crisis

Opiate addition increasingly is recognized as one of the leading and most costly social and financial challenges in the U.S.

The misuse of and addiction to opioids—including prescription pain relievers, heroin, and synthetic opioids such as fentanyl—is considered a serious national crisis that affects public health as well as social and economic welfare.

according to the National Institutes of Health (NIH), more than 115 people in the United States die after overdosing on opioids every day.

The Centers for Disease Control and Prevention estimates that the total “economic burden” of prescription opioid misuse alone in the United States is $78.5 billion a year, including the costs of healthcare, lost productivity, addiction treatment, and criminal justice involvement.

Concern about the addiction crisis prompted President Trump to make addressing the opiate epidemic a key Administration priority and reform efforts generally enjoy widespread bipartisan support with Congress.

The Bill

In June, the House passed H.R. 6, the SUPPORT for Patients and Communities Act by a vote of 396-14. On September 17th, the Senate passed the Opioid Crisis Response Act of 2018 by a vote of 99-1.

The bipartisan, bicameral agreement allows the final legislation negotiated through the reconciliation process, the “Substance Use–Disorder Prevention that Promotes Opioid Recovery and Treatment for Patients and Communities Act” more commonly referred to as the ‘‘SUPPORT for Patients and Communities Act’’ to move swiftly through both chambers of congress and to the president’s desk.

Among other things, the Bill:

  • Expands opiate addition treatment coverage, requires added utilization management and oversight for coverage of opiate prescriptions and makes other changes to opiate-related Medicare and federal rules, including adding requirements for automatic escalation to external review under a Medicare part D drug management program for at-risk beneficiaries and suspension of payments by Medicare prescription drug plans and MA–PD plans pending investigations of credible allegations of fraud,
  • Requiring expanded coverage and Clains reporting about by healthcare payers including requiring reporting by group health plans of prescription drug coverage information for purposes of identifying primary payer situations under the Medicare program,
  • Modifies provisions regarding electronic prescriptions and post-surgical pain management,
  • Requires prescription drug plan sponsors to establish drug management programs for at-risk beneficiaries,
  • Establishes and expands programs to support increased detection and monitoring of fentanyl and other synthetic opioids,
  • Increases the maximum number of patients that health care practitioners may initially treat with medication-assisted treatment (i.e., under a buprenorphine waiver),
  • Clarifies FDA regulation of non-addictive pain products.
  • Requires the FDA to develop and implement guidelines for opiate prescribing and new safety-enhancing packaging,
  • Targets illegal distribution with new notification, nondistribution, and controlled substances recall rules, expanding controls on illegal importation, and strengthening FDA and CBP coordination and capacity
  • Creating or expanding a plethora of social, treatment, oversight and other programs and services.

Read the full text of the legislation here. For more information about the Bill or its effects, contact the author.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Ms. Stamer’s legal, management, governmental affairs work and speaking and publications have focused on helping health industry, health benefit and other organizations and their management use the law, performance and risk management tools and process to manage people, performance, quality, compliance, operations and risk.

Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include public and private, domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers; and other health industry clients as well as a diverse array of other business and government entities. Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.

Ms. Stamer supports these organizations and their leaders on both a real-time, “on demand” basis as well as outsourced operations or special counsel on an interim, special project, or ongoing basis with operational compliance and risk management; strategic planning; product and services development and innovation; workforce and operations management: crisis preparedness and response; public and regulatory affairs and host of other concerns.

As part of this work, Ms. Stamer continuously advises clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters.   She helps clients to establish and administer compliance and risk management policies; comply with requirements, investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry investigation, enforcement including insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.  She also helps health industry, health plans and insurers, health IT, life sciences and other health industry clients manage regulatory, contractual and other legal and operational compliance; vendors and suppliers; Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other private payer and other terms of participation, medical billing, reimbursement, claims administration and coordination, and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology,  data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care;  internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; 1557 and other Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

Heavily involved in health care and health information technology, data and related process and systems development, policy and operations innovation and a Scribe for ABA JCEB annual agency meeting with OCR for many years who has authored numerous highly-regarded works and training programs on HIPAA and other data security, privacy and use, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues including meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and many other concerns. Her work includes both regulatory and public policy advocacy and thought leadership, as well as advising and representing a broad range of health industry and other clients about policy design, drafting, administration, business associate and other contracting, risk assessments, audits and other risk prevention and mitigation, investigation, reporting, mitigation and resolution of known or suspected violations or other incidents and responding to and defending investigations or other actions by plaintiffs, DOJ, OCR, FTC, state attorneys’ general and other federal or state agencies, other business partners, patients and others.

As part of this work, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, MGMA, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer also continuously works with a diverse array of clients to monitor, shape and respond to federal and state legislative, regulatory, enforcement and other public policy and regulatory affairs concerns.

Author of leading works on a multitude of these and other concerns, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, and Board Certified by the Texas Board of Legal Specialization in Labor and Employment Law, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; a ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or experience publications, speaking, public advocacy or other involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2018 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


HIPAA Lessons Every Health Plan, Health Care Provider & Business Associate Should Learn From Bankrupt FileFax’s HIPAA Settlement

February 16, 2018

Health care providers, health plans and insurers, health care clearinghouses (Covered Entities) and their business associates within the meaning of the Health Insurance Portability & Accountability Act (HIPAA) should heed the warnings contained in the new Resolution Agreement (FileFax Resolution Agreement) with former HIPAA business associate FileFax, Inc. announced by the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) about their own need to ensure that they and their business associates comply with HIPAA’s business associate and other Privacy, Security, Breach Notification rules as well as the advisability of tightening up their risk management and oversight of business associates that handle protected health information (PHI).

Significant for business associates as what appears to be the first announced resolution agreement with a business associate directly charged by OCR with violating HIPAA and the second resolution agreement pursued and reached with a HIPAA-regulated entity in bankruptcy, the FileFax, Inc. Resolution Agreement OCR announced February 13, 2018 also contains critical lessons for Covered Entities about their dealings with their own business associates when read in conjunction with the April, 2017 resolution agreement the Center for Children’s Digestive Health (CCDH) agreed to resolve OCR charges CCDC, as a Covered Entity, violated HIPAA by allowing FileFax, Inc. to act as its business associate without adequately complying with HIPAA’s business associate requirements.

With widespread media coverage over large scale breaches of health care and other sensitive information placing further pressure upon OCR and other governmental agencies to act to protect Americans’ privacy and data fueling even greater demands for OCR and other agencies to take meaningful action to enforce HIPAA and other privacy and data security requirements, health plans, health care providers, health care clearinghouses (Covered Entities) and their business associates can expect OCR and other agencies to continue to turn up the heat on investigation and enforcement of HIPAA compliance.

In the face of these developments, Covered Entities, their business associates and those responsible for their leadership and operations need to recognize and take the necessary steps both effectively to manage their own HIPAA compliance and risk management as well as to anticipate and make provision to deal with the likelihood that they may face HIPAA responsibilities, exposures and other fallout from their own or another business partner’s breach of PHI or other sensitive data or other HIPAA violations, bankruptcy or other business distress, or other compliance or business event.

HIPAA Privacy, Security & Breach Notification Rule Responsibilities & Risks

The Privacy Rule requires that Covered Entities and their vendors that qualify as “business associates” under HIPAA comply with detailed requirements concerning the protection, use, access, destruction and disclosure of PHI.  As part of these requirements, Covered Entities and their business associates must adopt, administer and enforce detailed policies and practices, assess, monitor and maintain the security of electronic protected health information (ePHI) and other protected health information, provide notices of privacy practices and breaches of “unsecured” ePHI, afford individuals that are the subject of protected health information certain rights and comply with other requirements as specified by the Privacy, Security and Breach Notification Rules.  In addition, Covered Entities and business associates also must enter into a written and signed business associate agreement that contains the elements specified in Privacy Rule § 164.504(e) before the business associate creates, uses, accesses or discloses PHI of the Covered Entity. Furthermore, the Privacy Rule includes extensive documentation and keeping requirements require that Covered Entities and BAs maintain copies of these BAAs for a minimum of six years and to provide that documentation to OCR upon demand.

Violations of the Privacy Rule can carry stiff civil monetary penalties or even criminal penalties.  Pursuant to amendments to HIPAA enacted as part of the HITECH Act, civil penalties typically do not apply to violations punished under the criminal penalty rules of HIPAA set forth in Social Security Act , 42 U.S.C § 1320d-6 (Section 1177).

Resolution Agreements the just announced FileFax Resolution Agreement allow Covered Entities and business associates to resolve potentially substantially larger civil monetary penalty liabilities that OCR can impose under the civil enforcement provisions of HIPAA for HIPAA violations through a negotiated settlement process.  As amended by the HITECH Act, the civil enforcement provisions of HIPAA empower OCR to impose Civil Monetary Penalties on both Covered Entities and BAs for violations of any of the requirements of the Privacy or Security Rules.  The penalty ranges for civil violations depends upon the circumstances associated with the violations and are subject to upward adjustment for inflation.  As most recently adjusted here effective September 6, 2016, the following currently are the progressively increasing Civil Monetary Penalty tiers:

  • A minimum penalty of $100 and a maximum penalty of $50,000 per violation, for violations which the CE or BA “did not know, and by exercising reasonable diligence would not have known” about using “the business care and prudence expected from a person seeking to satisfy a legal requirement under similar circumstances;”
  • A minimum penalty of $1,000 and a maximum penalty of $50,000 per violation, for violations for “reasonable cause” which do not rise to the level of “willful neglect” where “reasonable cause” means the “circumstances that would make it unreasonable for the Covered Entity, despite the exercise of ordinary business care and prudence, to comply with the violated Privacy Rule requirement;”
  • A minimum penalty of $10,000 and a maximum penalty of $50,000 per violation, for violations attributed to “willful neglect,” defined as “the conscious, intentional failure or reckless indifference to the obligation to comply” with the requirement or prohibition; and
  • A minimum penalty of $50,000 and a maximum penalty of $1.5 million per violation, for violations attributed to “willful neglect” not remedied within 30 days of the date that the Covered Entity or BA knew or should have known of the violation.

For continuing violations such as failing to implement a required BAA, OCR can treat each day of noncompliance as a separate violation.  However, sanctions under each of these tiers generally are subject to a maximum penalty of $1,500,000 for violations of identical requirements or prohibitions during a calendar year.  For violations such as the failure to implement and maintain a required BAA where more than one Covered Entity bears responsibility for the violation, OCR an impose Civil Monetary Penalties against each culpable party. OCR considers a variety of mitigating and aggravating facts and circumstances when arriving at the amount of the penalty within each of these applicable tiers to impose.

In addition to these potential civil liability exposures, Covered Entities, their business associates and other individuals or organizations that wrongfully use, access or disclose electronic or other protected health information also can face civil liability under various circumstances.  The criminal enforcement provisions of HIPAA authorize the Justice Department to prosecute a person who knowingly in violation of the Privacy Rule (1) uses or causes to be used a unique health identifier; (2) obtains individually identifiable health information relating to an individual; or (3) discloses individually identifiable health information to another person, punishable by the following criminal sanctions and penalties:

  • A fine of up to $50,000, imprisoned not more than 1 year, or both;
  • If the offense is committed under false pretenses, a fine of up to $100,000, imprisonment of not more than 5 years, or both; and
  • If the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, a fine of up to $250,000, imprisoned not more than 10 years, or both.

Because HIPAA Privacy Rule criminal violations are Class A Misdemeanors or felonies, Covered Entities and business associates should include HIPAA compliance in their Federal Sentencing Guideline Compliance Programs and practices and need to be concerned both about criminal exposure for their own direct violations, as well as imputed organizational liability for violations committed by their employees or agents under the Federal Sentencing Guidelines, particularly where their failure to implement or administer these required compliance policies and practices or failure to properly investigate or redress potential violations enables, perpetuates or covers up the criminal breach.

FileFax, Inc.  Breach & Resolution Agreement

While Congress amended the Civil Monetary Penalty provisions of HIPAA enforced by OCR to make many of the requirements and Civil Monetary Penalty sanctions of HIPAA directly enforceable by OCR against business associates as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, the FileFax Resolution Agreement appears to be the first HIPAA resolution agreement with a business associate announced by OCR.

Indeed, OCR’s enforcement action that resulted in the FileFax Resolution Agreement would never have occurred had FileFax, Inc. not become involved in handling medical records containing PHI in the capacity of a business associate for Covered Entities.

Before filing for bankruptcy in 2016, FileFax, Inc. advertised it provided HIPAA-compliant storage, maintenance, and delivery of medical records for HIPAA Covered Entities including Illinois based health care provider CCDC, which entered into a resolution agreement with OCR in April, 2017 to resolve OCR charges that it violated HIPAA by allowing FileFax, Inc. to handle PHI without fulfilling HIPAA’s business associate agreement requirements.

Like the CCDC Resolution Agreement, the FileFax, Inc. Resolution Agreement resulted from an investigation of FileFax, Inc. that OCR began in response to a February 10, 2015 anonymous complaint filed with OCR about FileFax, Inc. about deficiencies in its delivery of these HIPAA services in its capacity as a business associate to Covered Entities. The complaint to OCR alleged that FileFax, Inc. violated these requirements because an individual transported medical records obtained from FileFax, Inc. to a shredding and recycling facility to sell on February 6 and 9, 2015.

OCR’s investigation of the complaint against FileFax, Inc. confirmed that an individual had left medical records of approximately 2,150 patients at the shredding and recycling facility, and that these medical records contained patients’ PHI.  OCR’s investigation additionally found that between January 28, 2015, and February 14, 2015, FileFax, Inc. impermissibly disclosed the PHI of 2,150 individuals by leaving the PHI in an unlocked truck in the FileFax, Inc.  parking lot, or by granting permission to an unauthorized person to remove the PHI from FileFax, Inc. and leaving the PHI unsecured outside the FileFax, Inc. facility.

After OCR commenced its investigation of the complaint, FileFax, Inc. was placed into bankruptcy and a receiver was appointed to liquidate FileFax, Inc.’s assets for distribution to creditors and others in 2016.  Despite the bankruptcy, OCR continued to pursue enforcement against FileFax, Inc. for the HIPAA violations it found through its investigation.  On February 13, 2018, OCR announced that that the receiver on behalf of FileFax, Inc. had agreed in the FileFax Resolution Agreement to pay a $100,000 monetary settlement out of the bankruptcy estate and to arrange to properly store and dispose of remaining medical records found at FileFax, Inc.’s facility in compliance with HIPAA to resolve OCR’s HIPAA charges against FileFax, Inc.

OCR Previously Sanctioned Covered Entity For Involvement With FileFax, Inc.

Beyond affirming the exposure business associates to OCR civil monetary penalties or other enforcement for violating HIPAA, the FileFax Resolution Agreement in conjunction with OCR’s previously announced April 20, 2017 resolution agreement (CCDC Resolution Agreement) with CCDC also demonstrates the need for Covered Entities to recognize that their organizations are likely to face HIPAA investigations or enforcement from HIPAA violations by or OCR audits or investigations of the conduct of their business associates.

In fact, this is exactly what happened to CCDC.  A small, Illinois based Covered Entity, CCDC used FileFax, Inc. to store and dispose of medical records.  As a consequence of the FileFax, Inc. investigation, OCR conducted a compliance review of CCDC.  OCR reports that its compliance review revealed that while CCDC had disclosed to and allowed FileFax, Inc. to store records containing PHI for CCDC since in 2003, neither party could produce a signed business associate agreement (BAA) prior to October 12, 2015.   As a consequence, OCR charged CCDC with violating HIPAA by disclosing PHI to FileFax, Inc. in violation of HIPAA’s business associate requirements.

To resolve its exposure to potentially much greater civil monetary penalties associated with this charge, CCDC agreed under the CCDC Resolution Agreement to pay OCR a $31,000 resolution payment and take a variety of corrective actions.  Beyond requiring CCDC to implement and maintain  written business associate agreements before allowing business associates to possess or access PHI, the corrective action plan imposed as part of the CCDC Resolution Agreement also expressly requires CCDC to promptly investigate information of a possible violation of its HIPAA policies and procedures by  a “workforce member,” which the Privacy Rule defines to include a business associate, and if the investigation reveals a violation, to report the violation and corrective action taken to OCR.

OCR Enforces HIPAA Against Covered Entities & Business Associates In Bankruptcy

OCR’s announcement of the FileFax Resolution Agreement also is significant in its reaffirmation of OCR to its commitment to HIPAA enforcement, even if the HIPAA-violating Covered Entity or business associate goes bankruptcy.

OCR’s enforcement action against FileFax, Inc. despite its bankruptcy and its successful negotiation of the FileFax Resolution Agreement within the bankruptcy should alert Covered Entities and business associates that OCR does not consider the bankruptcy of a Covered Entity or business associate as an obstacle to OCR enforcement against Covered Entities or business associates that violate HIPAA.   The seriousness of OCR’s commitment to enforcement, even in the face of bankruptcy is driven home by its announcement of the FileFax Resolution Agreement on the heels of its December, 2017 announcement of its first OCR HIPAA resolution agreement secured with the formal approval of a bankruptcy court, a resolution agreement (21CO Resolution Agreement) against bankrupt health care provider, 21CO.

Secured with bankruptcy court approval, the 21CO Resolution Agreement resolved potentially much larger civil monetary penalties that the Fort Myers, Florida based provider of cancer care services and radiation oncology could have faced for alleged HIPAA breaches OCR charged it committed in connection with its failure to adequately act to prevent and respond to hacking and misappropriation of records containing sensitive electronic protected health information (ePHI) of up to 2,213597 individuals.

The OCR charges against 21CO arose from an OCR investigation commenced after the Federal Bureau of Investigation (FBI) notified 21CO on November 13, 2015 and a second time on December 13, 2015 than unauthorized third party illegally obtained 21CO sensitive patient information and produced 21CO patient files purchased by a FBI informant.  As part of its internal investigation, 21CO hired a third party forensic auditing firm in November 2015. 21CO determined that the attacker may have accessed 21CO’s network SQL database as early as October 3, 2015, through Remote Desktop Protocol from an Exchange Server within 21CO’s network. 21CO determined that it is possible that 2,213,597 individuals may have been affected by the impermissible access to their names, social security numbers, physicians’ names, diagnoses, treatment and insurance information.

Although it knew of the breaches in November and December, 2015, 21CO waited more than three months after the FBI notified it of the breaches before it sent HIPAA or other breach notifications about the data breach to patients or notified investors in March, 2016. Its March 4, 2016 Securities and Exchange Commission 8-K on Data Security Incident (Breach 8-K) states 21CO delayed notification at the request of the FBI to avoid interfering in the criminal investigation of the breach.

When announcing the breach, 21CO provided all individuals affected by the breach with a free one-year subscription to the Experian ProtectMyID fraud protection service. At that time, 21CO said it had no evidence that any patient information actually had been misused.  However some victims of the breach subsequently have claimed being victimized by a variety of scams since the breach in news reports and lawsuits about the breach.

At the time of the breach and its March 4, 2016 announcement of the breach, 21CO already was working to resolve other compliance issues.  On December 16, 2015, 21CO announced that a 21CO subsidiary had agreed to pay $19.75 million to the United States and $528,000 in attorneys’ fees and costs and comply with a corporate integrity agreement related to a qui tam action in which it was accused of making false claims to Medicare and other federal health programs. See 21CO 8-K Re: Entry into a Material Definitive Agreement (December 22, 2015).  Among other things, the corporate integrity agreement required by that settlement required 21CO to appoint a compliance officer and take other steps to maintain compliance with federal health care laws.  In addition, five days after releasing the March 4, 2017 Breach 8-K, 21CO notified investors that its subsidiary, 21st Century Oncology, Inc. (“21C”), had agreed to pay $37.4 million to settle health care fraud law charges relating to billing and other protocols of certain staff in the utilization of state-of-the-art radiation dose calculation system used by radiation oncologists called GAMMA.  See 21CO 8-K Re: GAMMA Settlement March 9, 2016 ;  See also United States Settles False Claims Act Allegations Against 21st Century Oncology for $34.7 Million.

Based on OCR’s subsequent investigation into these breaches, OCR found:

  • 21CO impermissibly disclosed certain PHI of 2,213,597 of its patients in violation of 45 C.F.R. § 164.502(a);
  • 21CO failed to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of the electronic protected health information (ePHI) held by 21CO in violation of 45 C.F.R. § 164.308(a)(1)(ii)(A);
  • 21CO failed to implement certain security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with 45 C.F.R. § 164.306(A) in violation of 45 C.F.R. § 164.308(a)(1)(ii)(B);
  •  21CO failed to implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports as required by 45 C.F.R. §164.308(a)(1)(ii)(D);
  • 21CO disclosed protected health information to a third party vendors, acting as its business associates, without obtaining satisfactory assurances in the form of a written business associate agreement in violation of HIPAA’s business associate rule requirements under 45 C.F.R. §§ 164.502(e) and 164.308(b)(3).

In return for OCR’s agreement not to further pursue charges or penalties relating to the breach investigation, the Resolution Agreement entered into with the approval of the Bankruptcy Court requires that 21CO pay OCR a $2.3 million Resolution Amount and implement to OCR’s satisfaction a corrective action plan that among other things requires that 21CO complete a detailed series of corrective actions to the satisfaction of OCR.

In addition to the OCR investigation that lead to the 21CO Resolution Agreement announced by OCR on December 28, 2017, 21CO experienced other fallout following its March 4, 2016 public disclosure of the breach.  Not surprisingly, the breach notification led to a multitude of class-action civil lawsuits by breach victims and shareholders.  See, e.g., 16 Data Breach Class Action Lawsuits Filed Against 21st Century Oncology Consolidated; 21st Century Oncology data breach prompts multiple lawsuits.  Reports of spoofing and other misleading contacts made to 21CO patients following the breach prompted the Federal Trade Commission (FTC) to issue a specific notice alerting victims about potential false breach notifications and other misleading contacts.  See April 4, 2016 FTC Announcement Re: 21st Century Oncology breach exposes patients’ info.

These and other developments also had significant consequences on 21CO’s financial status and leadership.  By March 31, 2015, 21CO notified the SEC and investors that it needed added time to complete its financial statements.  Subsequent SEC filings document its restatement of financial statements, the departure of board members and other leaders, default on credit terms, and ultimately its filing for Chapter 11 bankruptcy protection in the United States Bankruptcy Court for the Southern District of New York on May 25, 2017.

Because 21CO sought bankruptcy court protection from the fallout of its HIPAA breaches and other compliance and business issues, the 21CO Resolution Agreement required bankruptcy court approval. Funds for payment of the required $2.3 million resolution payment and other charges associated with the investigation apparently are being provided in part from breach liability insurance coverage provided under a policy issued by Beazley Insurance, as the Bankruptcy Court order directs Beazley Breach Response Policy No. W140E2150301 to make immediate payment to the OCR of the resolution amount and the payment of fees incurred by 21CO in connection with regulatory defense issues.

HIPAA & Data Breach Enforcement & Other Risks Growing 

Covered Entities, their business associates, their leaders, investors and members of their workforce need to recognize that the FileFax, CCDC, 21CO and other resolution agreements are part of a growing trend, rather than isolated incidents of enforcement and that their exposure to investigation and enforcement is likely to continue to rise in the face of growing public and Congressional concern about privacy and data security.

While civil monetary penalty enforcement remains much more common than criminal prosecution, Covered Entities, their business associates and members of their workforce must understand that HIPAA enforcement and resulting liability is growing and that this trend is likely to continue if not increase.

While Department of Justice federal criminal prosecutions and convictions under HIPAA remain relatively rare, they occur and are growing.  See e.g.,  Former Hospital Employee Sentenced for HIPAA Violations (Texas man sentenced to 18 months in federal prison for obtaining protected health information with the intent to use it for personal gain); Three Life Sentences Imposed On Man Following Convictions For Drug Trafficking, Kidnapping, Using Firearms and HIPAA Violations (drug king pin gets multiple 10 year consecutive prison terms for unauthorized access to private health information in violation of HIPAA; his health care worker friend sentenced for accessing electronic medical files and reporting information to him); Former Therapist Charged In HIPAA Case; Hefty Prison Sentence in ID Theft Case (former assisted living facility worker gets 37 months in prison after pleading guilty to wrongful disclosure of HIPAA protected information and other charges); Hefty Prison Sentence in ID Theft Case (former medical supply company owner sentenced to 12 years for HIPAA violations and fraud).  While the harshest sentences tend to be associated with health care fraud or other criminal conduct, lighter criminal sentences are imposed against defendants in other cases as well. See e.g., Sentencing In S.C. Medicaid Breach Case (former South Carolina state employee sentenced to three years’ probation, plus community service, for sending personal information about more than 228,000 Medicaid recipients to his personal e-mail account.); HIPAA Violation Leads To Prison Term (former UCLA Healthcare System surgeon gets four months in prison after admitting he illegally read private electronic medical records of celebrities and others.)

While criminal enforcement of HIPAA remains relatively rare and OCR to date only actually has assessed HIPAA civil monetary penalties against certain Covered Entities for violating HIPAA in a couple isolated instances, the growing list of multi-million dollar resolution payments against Covered Entities and with the FileFax Resolution Agreement announcement, now also business associates for violating HIPAA make clear that HIPAA enforcement is both meaningful and growing.   See e.g., Learn From Children’s New $3.2M+ HIPAA CMP For “Knowing” Violation of HIPAA Security Rules ($3.2 million Children’s Medical Center HIPAA Civil Monetary Penalty);  1st HIPAA Privacy Civil Penalty of $4.3 Million Signals CMS Serious About HIPAA Enforcement;  $400K HIPAA Settlement Shows Need To Conduct Timely & Appropriate Risk Assessments; $5.5M Memorial HIPAA Resolution Agreement Shows Need To Audit.  For more examples, also see here.

The experiences of FileFax, Inc., CCDC, 21CO and these other OCR HIPAA Resolution Agreements provide strong evidence that that health plans and other Covered Entities and their business associates can anticipate that OCR will continue to zealously investigate HIPAA breaches and other HIPAA violations.  Aside from OCR’s recurrent affirmations of its commitment to HIPAA enforcement, Covered Entities, their business associates and their leaders must recognize that public and Congressional privacy and data security concerns fueled by the ever growing stream of massive data breaches at Alteryx, eBay, Paypal owner TIO Networks, Uber, Equifax and a long list of other previously trusted prominent businesses are creating additional pressure upon OCR and other agencies to pursue even stronger and more aggressive HIPAA oversight and enforcement. Amid this growing concern, OCR, the FTC and other federal and state agencies with regulatory or enforcement authority over HIPAA or other data security and privacy concerns face increasing scrutiny and pressure to take meaningful action to regulate and enforce HIPAA and other laws intended to protect sensitive data even as private litigants enjoy increasing success in obtaining civil judgments from damages resulting from breaches of their PHI or other sensitive personal information using an expanding arsenal of legal theories of recovery.  In the face of these growing concerns about privacy and data security, OCR can be expected to continue, if not increase its HIPAA compliance enforcement and oversight by OCR.

Furthermore, the experiences of FileFax, Inc., 21CO, CCDC and other Covered Entities and business associates that already have become the subject of OCR investigation or enforcement also reflect that HIPAA resolution payments or penalties paid to OCR and other costs and expenses associated with the defense and resolution of OCR’s investigations and enforcement actions typically only a portion of the financial and other business consequences that Covered Entities or business associates might expect to incur as a consequence of a breach of PHI or other substantial HIPAA violation or charge.

Beyond their potential HIPAA enforcement exposures following a HIPAA covered data breach or other violation, health care or other Covered Entities and members of their workforce experiencing breaches of ePHI or other PHI often also face FTC or other government investigations and enforcement relating their data breaches under the Fair and Accurate Credit Transactions Act (FACTA) and other federal or state identity theft, data privacy and security, electronic crimes and other laws.  They or members of their workforce may face licensing board, credentialing, accreditation, contractual or other investigations or sanctions.  Victims, business partners, investors and others often bring civil litigation to address losses or other injures associated with the breach or other misconduct.  In addition, losses and disruptions in patients, plan member, vendor, investor, employee, management and other business relationships, and other business disruptions also are common.

Where the breach of other HIPAA violation involves a health plan, health plans, their fiduciaries and sponsors also need to give due consideration to the implications and exposures that might arise under the fiduciary responsibility rules of the Employee Retirement Income Security Act (ERISA). Beyond the direct exposure of their health plan to HIPAA and other compliance liabilities, health plan fiduciaries generally will want to consider whether their fiduciary responsibility under ERISA requires that prudent or other steps be taken to safeguard health plan information and maintain and administer their health plan in accordance with HIPAA and other laws.  As a consequence, fiduciaries generally will want to ensure that they take and document prudent steps to evaluate, monitor and address HIPAA and other privacy and data security safeguards to minimize not only the liability exposures of their health plans, but also to help mitigate their own potential personal liability exposures that could arise or be asserted in response to a HIPAA breach or other HIPAA violation involving their health plans.

In the face of these growing risks and liabilities, Covered Entities and their business leaders face a strong imperative to clean up and maintain their HIPAA compliance and other data security to minimize their exposure to similar consequences.  In addition to reaffirming the need for Covered Entities and their business associates to take the necessary steps to maintain and effectively demonstrate the adequacy of their own HIPAA compliance, the CCDC and FileFax Resolution Agreements alert Covered Entities and business associates of the advisability of greater oversight and risk management of their dealings and relationships with the other Covered Entities and business associates with access to or involvement with their PHI or other critical functions.

In light of these rises, leaders, investors, insurers, lenders and others involved with Covered Entities and their business associates should take steps to verify that the Covered Entities and their business associates not only maintain compliance with HIPAA and its business associate and other privacy, data security and breach notification and response requirements, but also maintain appropriate practices, insurance and other safeguards to prevent, respond to and mitigate exposures in the event of a breach of protected health information or other sensitive data.  The bankruptcies and other financial and business fallout of HIPAA or other data breaches experienced by FileFax, Inc. 21CO and other HIPAA-covered and non-HIPAA regulated entities also makes clear that Covered Entities and business associates should anticipate that their own fallout from a breach or other HIPAA event and resulting responsibilities and consequences could be impacted by their own or a business associate’s financial distress or bankruptcy.  Beyond the risk that their own or another entity’s breach, compliance issues, or other financial or business issues could trigger breach investigation, notice or other responsibilities for their own organizations, Covered Entities, business associates and their leaders also should evaluate and revise their HIPAA risk assessments and security plans to address foreseeable threats to the availability, access, retention and security of PHI and associated records and systems.

The Bankruptcy Court’s order to 21CO’s cyber liability insurer to pay the resolution payment required under the 21CO Resolution Agreement and other costs of investigation and defense also strongly suggests that the purchase of insurance and other arrangements for funding costs of defense or settlement should be included in these evaluations.

In light of these rises, leaders, investors, insurers, lenders and others involved with Covered Entities and their business associates should take steps to verify that the Covered Entities and their business associates not only maintain compliance with HIPAA, but also comply with data security, privacy and other information protection requirements arising under other laws, regulations, and contracts, as well as the practical business risks that typically follow the announcement of a breach.  Considering these risks, Covered Entities and their business associates should recognize the advisability of taking meaningful, documented action to verify their existing compliance and ongoing oversight to ensure their organizations can demonstrate appropriate action to maintain appropriate practices, insurance and other safeguards to prevent, respond to and mitigate exposures in the event of a breach of protected health information or other sensitive data.

As part of these efforts, Covered Entities and their business associates should ensure that they have conducted, and maintain and are ready to produce appropriate policies and procedures backed up by a well-documented, up-to-date industry wide risk assessment of their organization’s susceptibility to breaches or other misuse of electronic or other protected health information.  The starting point of these efforts should be to adopt and enforce updated written policies, procedures, technical and physical safeguards, processes and training to prevent the improper use, access, destruction or disclosure of patient PHI.  Processes also should create, retain and be designed to cost effectively track, capture, and retain both all protected health information, its use, access, protection, destruction and disclosure, and the requisite supportive documentation supporting the appropriateness of those action to position the organization cost-effectively and quickly to fulfill required accounting, reporting and other needs in the event of a data breach, audit, participant inquiry or other event.

As part of this process, Covered Entities and business associates should maintain strong and ongoing processes for assessing and monitoring the adequacy of their policies and practices.  In addition to ensuring that their organization has a comprehensive risk management and compliance assessment, Covered Entities and business associates need to conduct documented periodic audits and spot HIPAA audits and assessments.  In doing so, they must use care to look outside the four corners of their Privacy Policies and core operating systems to ensure that their policies, practices, oversight and training address all protected health information within their operations on an entity wide basis. This entity-wide assessment should include communications and requests for information normally addressed to the Privacy Officer as well as requests and communications that could arise in the course of media or other public relations, practice transition, workforce communication and other operations not typically under the direct oversight and management of the Privacy Officer.

In connection with these efforts, the enforcement actions make clear that Covered Entities and business associates should adopt, implement and monitor PHI privacy, and security on an entity wide basis.  These efforts should include general policies, practices and procedures as well as specifically tailored policies, processes and training to protect PHI and preserve HIPAA compliance throughout their organization. Testing and analysis should be conducted on a regular basis.  Documented reassessments and testing should be performed in response to software, hardware or other changes or events that could impact security or other operations.  Beyond security, attention also should cover business or system interruption including losses that might occur from the bankruptcy, termination of business or other disruptions of business associates or other parties.  Attention should be paid both to protecting access and use of PHI and ePHI in the course of business as well as the transmission, transport, storage and destruction of records or systems containing such information.

Careful attention should be devoted to ensuring that business associate agreements   as well and other processes provide for HIPAA compliance with respect to all PHI created, used, accessed or disclosed to business associates or others not part of their direct workforce or operating outside the core boundaries of their facilities.

Covered entities and their business associates also must recognize and design their compliance efforts and documentation recognizing that HIPAA compliance is a living process, which require both constant diligence about changes in systems or other events that may require reevaluation or adjustments, whether from changes in software, systems or processes or external threats.

Because the cost of responding to and investigating breaches or other compliance concern can be quite burdensome, Covered Entities and their business associates also generally will want to pursue options to plan for and minimize potential expenses in the design and administration of their programs as well as to minimize and cover the potentially extraordinary costs of breach or other compliance investigation and results that commonly arise following a breach or other compliance event.  As a part of this planning, Covered Entities and their business associates also generally will want to add consideration of changes to federal tax rules on the deductibility of compliance penalty and other related compliance expenditures.

While the Internal Revenue Code traditionally has prohibited businesses and individuals from deducting penalties, fines and other expenditures arising from violations of federal or state laws under Section 162(f) of the Internal Revenue Code, Section 13306 of the Tax Cuts and Jobs Creation Act creates a new exception for amounts  (other than amounts paid or incurred any amount paid or incurred as reimbursement to the government or entity for the costs of any investigation or litigation) that a taxpayer establishes meet the following requirements:

  • Constitute restitution (including remediation of property) for damage or harm which was or may be caused by the violation of any law or the potential violation of any law, or
  • Are paid to come into compliance with any law which was violated or otherwise involved in the investigation or inquiry into a violation or potential violation of any law;
  • Are identified as restitution or as an amount paid to come into compliance with such law, as the case may be, in the court order or settlement agreement, and
  • In the case of any amount of restitution for failure to pay any tax imposed under this title in the same manner as if such amount were such tax, would have been allowed as a deduction under this chapter if it had been timely paid.

Because the true effect of these modifications will be impacted by implementing regulations and a number of other special conditions and rules may impact the deductibility of these payments and the reporting obligations attached to their payment, Covered Entities will want to consult with legal counsel about these rules and monitor their implementation to understand their potential implications on compliance expenditures and penalties.

About The Author

Repeatedly recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, a Fellow in the American College of Employee Benefit Council, the American Bar Foundation and the Texas Bar Foundation and board certified in labor and employment law by the Texas Board of Legal Specialization, Cynthia Marcotte Stamer is a practicing attorney, management consultant, author, public policy advocate and lecturer widely known for health and managed care, employee benefits, insurance and financial services, data and technology and other management work, public policy leadership and advocacy, coaching, teachings, and publications. Nationally recognized for her work, experience, leadership and publications on HIPAA and other medical privacy and data use and security, FACTA, GLB, trade secrets and other privacy and data security concerns, Ms. Stamer has worked extensively with health care providers, health plans, insurers and financial services, and other clients and the government on cybersecurity, technology and processes and other issues involved in the use and management of medical, insurance and other financial, workforce, trade secrets and other sensitive data and information throughout her career.  Scribe or co-scribe of the ABA Joint Committee on Employee Benefits Agency meeting with OCR since 2011 and author of a multitude of highly regarded publications on HIPAA and other health care, insurance, financial and other privacy and data security, Ms. Stamer is widely known for her extensive and leading edge experience, advising, representing, training and coaching health care providers, health plans, healthcare clearinghouses, business associates, their information technology and other solutions providers and vendors, and others on HIPAA and other privacy, data security and cybersecurity design, documentation, administration, audit and oversight, business associate and other data and technology contracting, breach investigation and response, and other related concerns including extensive involvement representing clients in dealings with OCR and other Health & Human Services, Federal Trade Commission, Department of Labor, Department of Treasury, state health, insurance and attorneys’ general, Congress and state legislators and other federal officials.

Ms. Stamer also has an extensive contributes her leadership and insights with other professionals, industry leaders and lawmakers.    Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, SHRM, HIMMS, the American Bar Association, the Health Care Compliance Association, a multitude of health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.  You can get more information about her HIPAA and other experience here. For additional information about Ms. Stamer, see here, e-mail her here or telephone Ms. Stamer at (214) 452-8297.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2018 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™  For information about republication, please contact the author directly. All other rights reserved.

 


Check Your Medicare/Medicaid Compliance Against Against Quarterly Guidance Changes List

October 27, 2017

Healthcare providers, Medicare/Medicaid Advantage Plans, beneficiaries, and suppliers should use the Medicare and Medicaid Programs; Quarterly Listing of Program Issuances—July Through September 2017 published today to help confirm compliance and other practices take into account potentially relevant new key Medicare and Medicaid guidance issued during the period from July 1 to September 30, 2017.

Staying up-to-date with the latest Program is critical maintain qualification for benefits and rights and avoid getting nailed for harsh civil or even criminal penalties that violations can trigger. However keeping up with the constantly evolving guidance can be daunting.

The quarterly notice lists updates that happened in the 3-month period along with a hyperlink to the full listing that is available on the CMS Web site or the appropriate data registries that are used as Center for Medicare and Medicaid Services resources. for beneficiaries, providers, and suppliers.

The resource provides a convenient tool for the public to find the full list of qualified providers for these specific services and offers more flexibility and ‘‘real time’’ accessibility. In addition, many of the Web sites have listservs; that the public can subscribe and receive immediate notification of any updates to the Web site. These listservs avoid the need to check the Web site, as notification of updates is automatic and sent to the subscriber as they occur.

This notice is organized into 15 addenda so that a reader may access the subjects published during the quarter covered by the notice to determine whether any are of particular interest. Interested persons should use the Quarterly Notice in concert with previously published notices.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications. Ms. Stamer works with health industry and related businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management, disaster and other crisis preparedness and response, and other performance and operations management and compliance. Her experienced includes career long involvement in advising and defending health industry and other organizations about disaster and other crisis preparation, response and mitigation arising from natural and man-made disasters, government enforcement, financial distress, workplace emergencies and accidents, data breach and other cybersecurity and other events.  For additional information about Ms. Stamer, see here, e-mail her here or telephone Ms. Stamer at (214) 452-8297.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2017 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


HHS Picks Hargan As Acting HHS Secretary

October 11, 2017

President Trump has appointed Eric D. Hargan Acting Secretary of the U.S. Department of Health and Human Services (HHS).

Hargan, who was just sworn into office as Deputy Secretary of HHS on Oct. 6, 2017, takes over the duties of former Secretary Dr. Tom Price, who recently resigned in response to criticism about his expenditures for charter flights.

Before joining HHS, Mr. Hargan was an attorney, most recently a shareholder in Greenberg Traurig’s Chicago office in the Health and FDA Business department, where he focused his practice on transactions, healthcare regulations and government relations. He represented investors, companies, and individuals in healthcare investments and issues across the entire sector.

From 2003 to 2007, Mr. Hargan served at HHS in a variety of capacities, ultimately holding the position of Acting Deputy Secretary. During his tenure at HHS, Mr. Hargan also served as the Department’s Regulatory Policy Officer, overseeing the development and approval of all HHS, CMS, and FDA regulations and significant guidances.

Prior to this role, he served HHS as Deputy General Counsel. More recently, he was tapped by Governor Bruce Rauner to serve during transition as lead co-chair for Gov. Rauner’s Healthcare and Human Services committee.

During his time in Illinois, Mr. Hargan taught at Loyola Law School in Chicago, focusing on administrative law and healthcare regulations. He was a member of the U.S. government team at the inaugural U.S.-China Strategic Economic Dialogue in Beijing in 2006-2007, worked with the State Department’s Bureau of Arms Control to advance biosecurity in developing nations, and initiated and led the HHS team that developed the first responses to international food safety and importation issues in 2007.

He received his B.A. cum laude from Harvard University, and his J.D. from Columbia University Law School, where he was Senior Editor of the Columbia Law Review. Mr. Hargan also received a Certificate in International Law from the Parker School of Foreign and Comparative Law at Columbia University.

Before returning to Washington, D.C., Mr. Hargan lived in the suburbs of Chicago with his wife, Emily, and their two sons.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Ms. Stamer works with health industry and related businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management, disaster and other crisis preparedness and response, and other performance and operations management and compliance. Her experienced includes career long involvement in advising and defending health industry and other organizations about disaster and other crisis preparation, response and mitigation arising from natural and man-made disasters, government enforcement, financial distress, workplace emergencies and accidents, data breach and other cybersecurity and other events.  For additional information about Ms. Stamer, see here, e-mail her here or telephone Ms. Stamer at (214) 452-8297.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and publisher disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2017 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


CMS Publishes Final MACRA Rule

October 14, 2016

The Centers for Medicare and Medicaid Services (CMS) has  released the  2398 page final rule implementing the Medicare Access & CHIP Reauthorization Act of 2105 (MACRA) reforms that Congress has adopted to  replace the  Sustainable Growth Rate (SGR)  rules for determining physician and other clinician payments under Medicare with  the new MACRA Quality Payment Program.

Despite widespread criticism by many physicians and clinicians about the MACRA reforms generally and the proposed regulations implemented in the final rules released today, CMS says the final rule establishes the primary regulatory structure to implement the MACRA reforms in a manner that will  replace the current “flawed SGR payment  system” with a “Quality Payment Program,” equip clinicians with the tools and flexibility to provide high-quality, and flexibility to provide high-quality, patient-centered care.

The sweeping final rule sets the 2017 performance period as a transition year for the 2019 Merit-Based Incentive Payment System payment year.  Ultimately, however, physicians and other clinicians will need to choose between one of two options are having their compensation from Medicare determined under the new Quality Payment Program based on their evaluation of which program best fits their needs based on a thorough understanding and careful evaluation of the complex rules in the final regulations and any refinement to the rules that CMS subsequently issues:

  • Advanced Alternative Payment Models (APMs) or
  • The Merit-based Incentive Payment System (MIPS)

If a Clinician decides  to participate in an Advanced APM, through Medicare Part B he or she may earn an incentive payment for participating in an innovative payment model.

If the clinician decides to participate in traditional Medicare Part B, then he will participate in MIPS where he  earns a performance-based payment adjustment.

In order to position themselves to timely respond to the impending changes, conduct the evaluations necessary to determine which approach is likely to best fit their interests and timely act to submit the data, make elections, implement processes and complete other steps to prepare for and timely comply with the final rule, physicians, clinicians and others impacted by these rules must begin as soon as possible to carefully and systematically become educated about the provisions and terms of the final rule, to modify their processes and procedures to capture the data and administer the billing, coding and other functions necessary to evaluate options, timely submit data and make elections and come into compliance with the requirements of the final rules as they take effect while at the same time positioning themselves to adapt these arrangements in response to additional guidance that CMS and other anticipate will be forthcoming as CMS moves forward to full implementation of MACRA.

Solutions Law Press, Inc. is working to prepare additional summaries and other updates exploring certain key details of the lengthy and highly technical provisions of the final rules, as well as monitoring developments that might impact these rules.  Stay tuned here for more details.

About The Author

Foundation and the Texas Bar Foundation, current American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, former scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and JCEB Council Representative, former Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section,  the former Board President and Treasurer of the Richardson Development Center for Children Early Childhood Intervention Agency, and past  Board Compliance Chair of the National Kidney Foundation of North Texas, and Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, the author of this update, attorney Cynthia Marcotte Stamer, is AV-Preeminent (the highest) rated attorney repeatedly recognized for her nearly 30 years of experience and knowledge representing and advising healthcare, health plan and other health industry and others on these and other regulatory, workforce, risk management, technology, public policy and operations matters as a Martindale-Hubble as a “LEGAL LEADER™” and “Texas Top Rated Lawyer” in Health Care Law, Labor and Employment Law, and Business & Commercial Law and among the “Best Lawyers In Dallas” by D Magazine.

Ms. Stamer’s health industry experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

Ms. Stamer also is known for her experience in HIPAA and other privacy and data security and breach concerns.  The scribe for ABA JCEB annual agency meeting with OCR for many years, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical  staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.

You can get more information about her health industry experience here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press Inc.™

Solutions Law Press, Inc.™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns.

If you found these updates of interest, you may be interested in other recent Solutions Law Press, Inc. updates like the following:

Go here to register to receive other Solutions Law Press, Inc. updates and announcements about other upcoming briefings, training or other programs, products, services, and activities or to learn more about Solutions Law Press, Inc., its publications, programs and training, PROJECT COPE: Coalition on Patient Empowerment community service and education projects, event management and other resources and services.

For important information concerning this communication see here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2016 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press, Inc. All other rights reserved.

 


Health Care Providers, Provide ACO, Reimbursement Reform Input To HHS

March 2, 2015

Physicians, nurses, hospitals and other health care providers, patients and others concerned about health care reimbursement and other health care reforms in the United States should sign up and participate in the new Health Care Payment Learning and Action Network (“Network”) the Department of Health and Human Services (HHS) is creating to help shape ongoing reform  of the US health care delivery system to promote better care, smarter spending, and healthier people through the expansion of new health care payment models and other reforms.  HHS is inviting private payers, employers, providers, patients, states, consumer groups, consumers, and other partners within the health care community to register here to participate in the Network activities including  kickoff event scheduled for Wednesday, March 25, 2015.

HHS hopes cooperation through the Network will help the entire U.S. health care system match and exceed the following HHS goals for Medicare:

  • Tying 30 percent of payments to quality or value through alternative payment models, such as Accountable Care Organizations (ACOs) or bundled payment arrangements by the end of 2016, and
  • Tying 50 percent of payments to alternative payment models by the end of 2018. The Network will also support the broader goal of tying the vast majority of payments in the health care system to quality or value.

As HHS moves forward to promote ACOs and other reforms, it is particularly important that providers and patients provide feedback and input about the goals and ideas HHS is promoting as solutions for “improving” health care.  While HHS often touts consolidation of care into ACOs and other reimbursement strategies using government generated standards of quality as the best means of improving quality and cost-effectiveness, many patients, providers and others worry that HHS ACO and other reimbursement reforms as presently implemented or contemplated by HHS cut costs at the expense of patients by denying reimbursement or other access for effective care options based on cost or ignore other patient needs in the name of cost savings.  Active, consistent participation in these and other opportunities for input is critical for those concerned about these and other issues to question and shape the goals, assumptions and actions HHS, Congress and others take to change the U.S. health care system.

HHS says most Network meetings will occur virtually by teleconference or webinar. In-person meetings will occur in the Washington D.C. area. HHS plans to hold the first live streaming of the kickoff event on Wednesday, March 25, 2015. HHS will share details through e-mails to those registered online to participate in the network.  Individuals and organizations concerned about ACO and other HHS-lead health care reforms are urged to register and participate in the Network as one of the ways to help monitor and shape health care reform as lead by HHS.

About Project COPE: The Coalition On Patient Empowerment &  Coalition on Responsible Health Policy

Do you have feedback or other experiences to share about medical debit, ACA or other health care challenges?  Have ideas for helping improve our system, helping Americans cope with these and other health care challenges or other health care matters? Know other helpful resources or experiences that you are willing to share?  Are you concerned about health care coverage or other health care and disability issues or policy concerns?  Join the discussion and share your input by joining Project COPE: Coalition for Patient Empowerment here.

Sharing and promoting the use of practical practices, tools, information and ideas that patients and their families, health care providers, employers, health plans, communities and policymakers can share and offer to help patients, their families and others in their care communities to understand and work together to better help the patients, their family and their professional and private care community plan for and manage these  needs is the purpose of

The Coalition and its Project COPE are founded and operate based on the belief that health care reform and policy must be patient focused, patient centric and patient empowering.  The best opportunity to improve access to quality, affordable health care for all Americans is for every American, and every employer, insurer, and community organization to seize the opportunity to be good Samaritans.  The government, health care providers, insurers and community organizations can help by providing education and resources to make understanding and dealing with the realities of illness, disability or aging easier for a patient and their family, the affected employers and others. At the end of the day, however, caring for people requires the human touch.  Americans can best improve health care by not waiting for someone else to step up:  Step up and help bridge the gap when you or your organization can. Speak up to help communicate and facilitate when you can.  Building health care neighborhoods filled with good neighbors throughout the community is the key.

The outcome of this latest health care reform push is only a small part of a continuing process.  Whether or not the Affordable Care Act makes financing care better or worse, the same challenges exist.  The real meaning of the enacted reforms will be determined largely by the shaping and implementation of regulations and enforcement actions which generally are conducted outside the public eye.  Americans individually and collectively clearly should monitor and continue to provide input through this critical time to help shape constructive rather than obstructive policy. Regardless of how the policy ultimately evolves, however, Americans, American businesses, and American communities still will need to roll up their sleeves and work to deal with the realities of dealing with ill, aging and disabled people and their families.  While the reimbursement and coverage map will change and new government mandates will confine providers, payers and patients, the practical needs and challenges of patients and families will be the same and confusion about the new configuration will create new challenges as patients, providers and payers work through the changes.

We also encourage you and others to help develop real meaningful improvements by joining Project COPE: Coalition for Patient Empowerment here by sharing ideas, tools and other solutions and other resources. The Coalition For Responsible Health Care Policy provides a resource that concerned Americans can use to share, monitor and discuss the Health Care Reform law and other health care, insurance and related laws, regulations, policies and practices and options for promoting access to quality, affordable healthcare through the design, administration and enforcement of these regulations.

Other Helpful Resources & Other Information

We hope that this information is useful to you.   If you found these updates of interest, you also be interested in one or more of the following other recent articles published on the Coalition for Responsible Health Care Reform electronic publication available here, our electronic Solutions Law Press Health Care Update publication available here, or our HR & Benefits Update electronic publication available hereYou also can get access to information about how you can arrange for training on “Building Your Family’s Health Care Toolkit,”  using the “PlayForLife” resources to organize low-cost wellness programs in your workplace, school, church or other communities, and other process improvement, compliance and other training and other resources for health care providers, employers, health plans, community leaders and others here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail by creating or updating your profile here. You can reach other recent updates and other informative publications and resources.

Examples of some of these recent health care related publications include:

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 26 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.  The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights,  Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns.  Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others.  In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans,  as well as  HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for  Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.  You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns from Ms. Stamer, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2015 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.

 

%d bloggers like this: